OSS Provenance and Code Signing

OSS Provenance and Code Signing

Eclipse Foundation via YouTube Direct link

0:00:00 – Welcome to CRA Mondays & Session Overview

1 of 10
Next

1 of 10

0:00:00 – Welcome to CRA Mondays & Session Overview

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

OSS Provenance and Code Signing

Automatically move to the next video in the Classroom when playback concludes
  1. 1 0:00:00 – Welcome to CRA Mondays & Session Overview
  2. 2 0:04:39 – The Problem: Secure Distribution & Code Signing for OSS
  3. 3 0:09:08 – Project Eligibility: Admission Criteria for Signpath Foundation
  4. 4 0:13:16 – Build Requirements: Hosted Development, Branch Protection & SLSA-Style Controls
  5. 5 0:15:12 – Example Project: From GitHub Release to Signing Request
  6. 6 0:17:39 – The XZ Utils Supply Chain Attack Case Study
  7. 7 0:20:25 – Nested Signing: MSIs, EXEs, JARs & Runtime Components
  8. 8 0:24:12 – Code Signing Challenges & Signpath’s Certificate / CA Model GlobalSign
  9. 9 0:30:19 – Looking Ahead: Dependencies, Attestations & CRA Implications
  10. 10 0:34:43 – Q&A: Attestations, Interoperability & Working Group Next Steps

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.