BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//pyconhk2024//talk//RUHCB8
BEGIN:VTIMEZONE
TZID:HKT
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1
TZNAME:HKT
TZOFFSETFROM:+0800
TZOFFSETTO:+0800
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pyconhk2024-RUHCB8@pretalx.com
DTSTART;TZID=HKT:20241116T111000
DTEND;TZID=HKT:20241116T112500
DESCRIPTION:Organizations are challenged in ensuring that the container ima
 ge they are deploying is exactly what was produced in development and noth
 ing has changed before it runs in production. Cryptographic signing of con
 tainer images helps to verify the integrity of the image and makes sure it
  has not been tampered with since its creation. Verification of the
  image signa
 ture also confirms that the expected software creator\, whose identity was
  certified at the moment of signing\, published the container image in the
 ir possession. \nIn this presentation\, I will use an open source project 
 “Sigstore”: a cryptographic signing tool for improving softw
 are supply chain security. The Sigstore framework empowers software develo
 pers and consumers to securely sign and verify software artifacts. Signatu
 res are generated with ephemeral signing keys so there’s no need to mana
 ge keys. Signing events are recorded in a tamper-resistant public log so s
 oftware developers can audit signing events.
DTSTAMP:20260520T131736Z
LOCATION:LT9
SUMMARY:Sign and verify Python package with Sigstore keyless signing - Fran
 kie Ng
URL:https://pretalx.com/pyconhk2024/talk/RUHCB8/
END:VEVENT
END:VCALENDAR
