libgossamer
trillian
| libgossamer | trillian | |
|---|---|---|
| 13 | 9 | |
| 31 | 3,464 | |
| - | 0.2% | |
| 2.6 | 9.6 | |
| over 2 years ago | 1 day ago | |
| PHP | Go | |
| ISC License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libgossamer
-
Gossamer: Supply Chain Security for Open-Source Software
See the definition of AppendKey:
-
Backdoor in several WP Themes and Plugins from AccessPress
That's why Gossamer exists, though. (I would talk about it more on here, but I figured everyone's still sick of hearing about it.) :)
- Gossamer: Supply Chain Security for the PHP Ecosystem.
- GnuPG used to ask for your support to help protect online privacy
-
Composer Security Hardening
Anyway, Github is still online -- https://github.com/paragonie/libgossamer
-
I am Filippo Valsorda, Go cryptography lead and tool author, Ask Me Anything
More recently, I wrote a blog post about end-to-end encryption, and mentioned integrating with some sort of decentralized authority-free identity system like Gossamer.
trillian
- Is there a good example of an open source non-trivial (DB connection, authentication, authorization, data validation, tests, etc...) Go API?
- Google's Trillian – Verifiable Data Structures
-
Key transparency: A transparent and secure way to look up public keys
Archived. Not sure when. :( I'm not sure what if anything is a decent replacement/substitute.
In the README examples I see text about what I think is Certificate Transparency. That was definitely the first thing this made me think of. There's also a lot of talk in the project about CONIKS[1], & associate research papers are about 'bringing key transparency to end users'.
The scenarios[2] are interesting, but I'm not sure fully how this project helps. They explicitly call out Upspin for encrypted storage, which was linked recently[3].
It appears to make heavy use of the Trillian cryptographically verifiable data store[4].
[1] https://www.schneier.com/blog/archives/2016/04/coniks.html
[2] https://github.com/google/keytransparency/blob/master/docs/s...
[3] https://news.ycombinator.com/item?id=31520559
[4] https://github.com/google/trillian
- Don't trust your logs! Implementing a Merkle tree for an Immutable Verifiable Log (in Go)
- GnuPG used to ask for your support to help protect online privacy
-
There's a guy who the Space Force and Defense Department are paying $250k a year to go to MIT to study Bitcoin for them, to see how they could use its ledger in the same way they use GPS to store and track accurate immutable information. He just got permission to go public with his work.
Related is Google Trillian: https://github.com/google/trillian
-
Threat Actors Now Target Docker via Container Escape Features
https://stackoverflow.com/questions/37058322/how-can-i-verif...
CT (Certificate Transparency) is another approach to validating certs wherein x.509 cert logs are written to a consistent, available blockchain (or in e.g. google/trillian, a centralized db where one party has root and backup responsibilities also with Merkle hashes for verifying data integrity). https://certificate.transparency.dev/ https://github.com/google/trillian
Does docker ever make the docker socket available over the network, over an un-firewalled port by default?
-
Tamper-Evident Logs
Yeah, right on!
We're looking in more depth at other use cases, developing a better understanding of which types of problems this might be useful for, and ways to reason about the properties you want/get from using systems like this (e.g. https://github.com/google/trillian/tree/master/docs/claimant...)
[Disclaimer: I work on CT, Trillian, and some other related projects]
What are some alternatives?
Composer - Dependency Manager for PHP
Proofable - General purpose proving framework for certifying digital assets to public blockchains
zenbot-sim-runner - A sim run batch aggregator / automator for Zenbot. Eases the process of backtesting and subsequent analysis of results.
PGPy - Pretty Good Privacy for Python
django-ca - Django app providing a Certificate Authority
advanced-custom-fields-pro - Advanced Custom Fields Pro, Git-ified. Automatically synced via GitHub Actions! This repository is just a mirror of the Advanced Custom Fields Pro plugin. Please do not send pull requests and issues.
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
tierney - Generic library for structured commands with explicit parallelism
sodium_compat - Pure PHP polyfill for ext/sodium
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems