David Runge
I am a freelance software developer working on Arch Linux.
I am interested in and work on projects related to digital signatures, automation and package management.
Sessions
Signstar is a system for the creation of digital signatures, in which a central host provides access to a Hardware Security Module.
The Signstar host serves as an enclave with very restricted access and is based on a custom, image-based OS named Signstar OS.
Many OS artifacts today are still verified using proprietary, stateful keyring formats.
The "File Hierarchy for the Verification of OS Artifacts (VOA)" is an attempt to rid the ecosystem of this limitation by implementing a generic lookup directory.
Designed with extensibility in mind, this unifying hierarchy currently provides integration for OpenPGP, with further integrations planned.