Book Signing at The Toronto Comic Arts Festival this Saturday, May 11th! I'll be located on Floor 2, Table 2014/2015 (the @01firstsecond table) at 10:30am! Excited to sign your books and doodle in them! Hope to see all you wonderful folks there! #grickledoodle #horror #comics #tcaf #cartoon #reading #signing #books #art #drawing #funny
@b0rk just looking at my urlview-ng tree, notes/ and remotes/ are two other very common ref namespaces
well, remotes/ is much more common, i s'pose, since git notes are kinda ass, but a common application for the latter, besides git notes on a commit in the default namespace being shown in the log and format-patch, is tarball signatures (this feature originated in cgit i think? but shart supports it as well – https://man.sr.ht/git.sr.ht/#signing-tagsx27-tarballs yielding the ".asc"-described links on https://git.sr.ht/~nabijaczleweli/urlview-ng/refs)
You've read about F-Droid's #reproducibleBuilds recently? Now, the #IzzySoftRepo repo makes use of that implementation. How, you ask?
Well: part of the process is to compare APKs and make sure they carry the signature of their authors. That's done by fdroidserver whenever the YAML file of an app has "AllowedAPKSigningKeys:" defined. APKs with not-matching signatures are rejected. That's used by my repo now to make sure updates are "legit" (and not placed to the repo by a malicious actor). (1/4)
Dear #Android #developers, take good care of your #signing keys! Watch them like your crown jewels! Don't let them get into the wrong hands!
NO! Do NOT upload them to Github/GitLab etc. Have a good (encrypted!) backup of them – not on the disk of your development machine, but elsewhere. So should your machine crash, you'll still have them. Your code is in your repo, your keys are in a safe place – then you and those using your apps are fine! (4/4)
Some people think that supply chain security is just #SBOM and #signing. Those are important, especially in some scenarios, but what is really important in supply chain security is taking responsibility and accountability for the security of any component that you use in your application.
Complexity welcomes Elige! (twitter.com)