Speranza: Usable, privacy-friendly software signing. (arXiv:2305.06463v1 [cs.CR])

Software repositories, used for wide-scale open software distribution, are a
significant vector for security attacks. Much of this malicious behavior can be
traced to a lack of strong authentication for software. To mitigate this
problem, digital signatures provide confidence in the authenticity and
authorization for signers of the software, but introduce privacy problems by
exposing maintainers' personally identifiable information. The contribution of
this project, Speranza, is to allow for verification of authenticity for
software packages in a repository while providing …

attacks authentication authorization digital digital signatures distribution malicious malicious behavior privacy problem problems repositories scale security signatures signing software strong authentication