Kim Lewandowski and Michael Lieberman on Securing the Software Supply Chain with SLSA
The InfoQ Podcast
00:00
What's the Most Common Way of Generating a Merdeser?
There's a couple of different ways. Largely it could be generated by really anything that is tracking what the build is doing. The idea there is, you know, you should have your trusted c i service track everything that's going through. And then one of the other key requirements there is to then have that build service, once it's generated that medidata, sign it with an identity - preferably one that's short lived. Stuff like o i d c identities and the like are pretty common nowadays.
Transcript
Play full episode
