There are two groups of people who tend to publish open source code. In this post I'll go over how one sets up their development environment to support this workflow. Using Git's built-in support for PGP signing and pairing it with Keybase provides you with a great framework on which to build and verify that trust. The simple fact is that by adopting code someone else has written, you are entrusting your clients' security to them - you best be certain that trust is wisely placed. This requirement extends beyond simply ensuring that malicious actors cannot modify the code we've published, something GitHub and its kin (usually) do a very good job of preventing. With the increasing popularity of Git as a tool for open source collaboration, not to mention distribution of code for tools like Go, being able to verify that the author of a piece of code is indeed who they claim to be has become absolutely critical.