Anyone interested in learning more about the problem with digital signatures can check out this article:
https://energycentral.com/c/ec/who-ya-gonna-trust This issue was discussed with the NTIA SBOM community in May 2021. Digital signature verification is a critical step in a EO 14028 implementation following NIST SP 800-161. Thanks, Dick Brooks Never trust software, always verify and report! T http://www.reliableenergyanalytics.com Email: d...@reliableenergyanalytics.com Tel: +1 978-696-1788 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#4387): https://lists.spdx.org/g/Spdx-tech/message/4387 Mute This Topic: https://lists.spdx.org/mt/89484403/21656 Group Owner: spdx-tech+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
