'Linux' Foundation is pushing 'attestations' (DRM), preventing users running programs of choice
-
Adding build provenance to Homebrew
We’re starting a new project in collaboration with Alpha-Omega and OpenSSF to improve the transparency and security of Homebrew. This six-month project will bring cryptographically verifiable build provenance to homebrew-core, allowing end users and companies to prove that Homebrew’s packages come from the official Homebrew CI/CD. In a nutshell, Homebrew’s packages will become compliant with SLSA Build L2 (formerly known as Level 2).
As the dominant macOS package manager and popular userspace alternative on Linux, Homebrew facilitates hundreds of millions of package installs per year, including development tools and toolchains that millions of programmers rely on for trustworthy builds of their software. This critical status makes Homebrew a high-profile target for supply chain attacks, which this project will help stymie.
-
Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2 [Ed: Trying to restrict what program you run on your own machine, under the guise of "protecting" you]
By the Alpha-Omega Team
Alpha-Omega is pleased to announce a grant to the Homebrew project to enable Sigstore attestations and verification of Homebrew packages.