Episode 73 - Sign of the Times with Google and Sigstore's Dan Lorenc

The POPCAST with Dan POP - A podcast by Dan "POP" Papandrea

Dan Lorenc is a Software Engineer at Google and the lead for Project Sigstore, a Linux Foundation project. Dan talks about his history at Google with projects such as Skaffold and minikube, which inspired his current work with Project Sigstore. Dan currently works on Sigstore, a cloud native project that is a non-profit, public good software signing and transparency service. Software supply chains are exposed to multiple risks: users are susceptible to various targeted attacks, along with account and cryptographic key compromise. Keys in particular are a challenge for software maintainers to manage. We talk Software Supply Chain Security and Software Supply Chain DevOps, along with our mutual love of our home of Upstate NY. Dan provides some valuable advice on how to protect your software supply chain, and this is a very fun episode!

On June 18th, 2021 at 2pm Eastern, we will be holding our first Root Key ceremony on CloudNative.tv (CNCF Twitch). Please join us; more details are at this link: https://blog.sigstore.dev/a-new-kind-of-trust-root-f11eeeed92ef