Follow

PSA: If you maintain security critical binaries PLEASE seek the help of a security researcher with supply chain attack experience.

I do this for a living. Hit me up.

Don't be a Hashicorp and give your release signing private key to a third party automated system.

discuss.hashicorp.com/t/hcsec-

@lrvick This explains why my Vault PR was mysteriously failing due to a new PGP key. :)

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!