Loading…
Attending this event?
November 12, 2024 | Salt Lake City, Utah
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SigstoreCon Supply Chain Day 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

The schedule is subject to change.
← Back to schedule
The Challenges of Building a Sigstore Implementation from Scratch - Samuel Giddins, Ruby Central
Tuesday November 12, 2024 12:10pm - 12:40pm MST
Alpine
Sigstore Ruby now exists. So exciting! But bringing it to life was a challenge, particularly due to the goal of being able to ship it as a part of Ruby itself. Building a sigstore implementation atop only the standard library required writing a TUF client, implementing custom x509 handling, and abstracting over all the supported key types, among other challenges. This talk will explore those challenges, and dive into _why_ a sigstore implementation proves to be such an undertaking, hopefully inspiring some simplification for the next poor soul who attempts to build one from scratch.
Speakers
avatar for Samuel Giddins

Samuel Giddins

Security Engineer in Residence, Ruby Central
Samuel is the Security Engineer in Residence at Ruby Central, leading security efforts across RubyGems and RubyGems.org by day (and sometimes by night, CVEs never sleep). He's been working on Ruby tooling for the past decade, and has shipped hundreds of bugs across RubyGems & Bun... Read More →
Tuesday November 12, 2024 12:10pm - 12:40pm MST
Alpine
  Case Studies

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link