Josh and Kurt talk about their very silly GPG key management from the past. This is sadly a very true story that details how both Kurt and Josh protected their GPG keys. Josh’s setup is like something out of a very bad spy novel. It was very over the top for a key that reallyContinue reading “Episode 331 – GPG, but nothing makes sense”
Tag Archives: gpg
Episode 329 – Signing (What is it good for)
Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems to be. Is delivering software over https just as good as using a detached signature? How did we endContinue reading “Episode 329 – Signing (What is it good for)”
Open Source Security 