Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
pabs3
5 days ago
|
parent
|
context
|
favorite
| on:
Tinycolor supply chain attack post-mortem
mTLS aka TLS client certs seems like the way to go.
orphea
5 days ago
[–]
How is a client cert not another glorified static password? It would have been stolen from repo secrets the same way.
reply
pabs3
4 days ago
|
parent
[–]
You don't store them in repos on disk, but in a HSM so they can't be stolen, and then you protect signing access to them based on service/process information.
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
