What is keeping contributors from adding malware to Rocky Linux? The answer is simple. Transparency! All of the builds can be audited and everything is signed with GPG keys.

Speakers:

  • Zane Hamilton, Vice President - Sales Engineering, CIQ
  • Neil Hanlon, Solutions Architecture, CIQ

Note: This transcript was created using speech recognition software. While it has been reviewed by human transcribers, it may contain errors.

Transcript:

Zane Hamilton:

What's keeping a contributor from putting something into this that is malicious? 

Neil Hanlon:

I think the biggest thing that prevents malicious acts or malicious packages, or any wrongdoing, is that same transparency. Because all the builds are auditable, you can see what went into them. We signed everything with their GPG keys allowing you to get the artifacts. Security is a net, not something that you can block completely. It would be difficult to get something.