> Valve is generously providing backing for two critical projects that will have a huge impact on our distribution: a build service infrastructure and a secure signing enclave.
It sounds like Valve is investing in the security of Arch Linux's build infrastructure to prevent supply chain attacks.
I really hope Arch moves to a model like Debian where all packages are built by a central build server. The current strategy—having dozens of different developers compile stuff on their laptops, sign it personally, and then upload the binary blob—leaves a bit to be desired for obvious reasons.
Usually, at that level, an HSM (Hardware Security Module (ex: https://www.entrust.com/products/hsm), but also a fair number of processes and procedures around things like private key generation, key attestation, key verification, certificate renewals, etc etc etc).
There are some parallels with a TPM, but also a great deal of divergence (more so than in common, really).
Arch already has a stable branch. If you mean a branch which doesn’t update packages and where "maintainers" pretend they back port "essential" fixes by randomly patching what they ship, I hope it never happens because it would mean Arch is truly dead.
[+] [-] beeflet|1 year ago|reply
wonder what this involves? TPM stuff?
[+] [-] Foxboron|1 year ago|reply
https://media.ccc.de/v/all-systems-go-2024-263-boring-infras...