DrupalBrief: DrupalCon Atlanta - Supply Chain Security in Drupal and Composer

06/04/2025 28 min Season 2025 Episode 19637
Episode Synopsis

This podcast episode details a presentation on enhancing the security of the software supply chain for Drupal and Composer. The speakers discuss the inherent risks in digital supply chains and introduce initiatives like Drupal CMS and automatic updates, emphasizing the critical need for secure component delivery. They explain TUF (The Update Framework) and Rugged as key technologies implemented by the Drupal Association to cryptographically sign and verify Drupal packages. The presentation outlines the technical aspects of public key cryptography, digital signatures, and hash functions used in this process, alongside the architecture and ongoing development of the Rugged server. Ultimately, the goal is to ensure the integrity and authenticity of Drupal installations and updates, protecting against supply chain attacks.

This episode of DrupalBrief is sponsored by DrupalForge.org.

DrupalBrief.com
