Puerco

@puerco

Adolfo García Veytia / Technical Lead SIGRelease / Senior DevOps Engineer / Emeritus / proto-historian / dad / WorldCyclist

Joined April 2007

Tweets

You blocked @puerco

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @puerco

  1. Pinned Tweet
    Jun 9

    This is one of the best days of my life. Today, I became one of the Technical Leads of SIG Release along with my friend and personal hero . I am incredibly grateful, the Release Engineering team has given me so much. ☺️🎉

    Show this thread
    Undo
  2. Retweeted
    Nov 24

    The v1.23.0-rc.0 release candidate is out! Thank you to for ✂️the rc, creating the release-1.23 branch & release-1.23 jobs and a whole lot more. ❤️❤️❤️

    Undo
  3. Retweeted
    Nov 23
    Replying to

    Open a bottle of something strong when you start integration with AWS IAM.

    Undo
  4. Nov 22

    I'm incredibly happy to have my cloud native hermano in Mexico City. Welcome Joe! 🤗

    Undo
  5. Retweeted
    Nov 21

    How does K8s release is going to be more secured? is taking us into some history and what is coming next in the release process

    Undo
  6. Retweeted
    Nov 20

    It's that time of the year for butterflies in Mexico.

    Undo
  7. Retweeted
    Nov 19

    Look, the v2 root is up! Running `cosign initialize` downloads the new targets. Check out the new GCP v1 Fulcio cert. Thank you keyholders!

    Undo
  8. Retweeted
    Nov 19

    Kick off your weekend with a little mythbusting as and I walk you through the top 5 myths of sigstore, plus a bonus!

    Undo
  9. Nov 18

    Our dear has been doing a ton of work cleaning up the image promoter. Now, is building on top of the new promoter tools to release the provider images for . Great work!

    Undo
  10. Retweeted
    Nov 18

    : We're now serving up with a side of ! Piping hot patch releases with love from your !

    Undo
  11. Retweeted
    Nov 18

    Release Engineering’s (specially ) work on SLSA compliance and SBOM benefits the community. Thank you and

    Undo
  12. Nov 17
    Show this thread
    Undo
  13. Nov 17

    Thanks for all your help today cutting the releases! Shout out to and special thanks to !

    Show this thread
    Undo
  14. Nov 17

    In the next few days, we plan to reach out to our wonderful friends in SIG Security to share our work and find areas where we can work together! (hi et al!)

    Show this thread
    Undo
  15. Nov 17

    In order to lay the road ahead, SIG Release has just filed KEP-3027: The proposal details some of the work we want to carry out to reach SLSA compliance at higher levels. Drop your thoughts there!

    Show this thread
    Undo
  16. Nov 17

    But more importantly: this prototype is simply proof that we are now at a point where we have the required data and code to plan towards the future, to the higher SLSA levels 🛩️ Our tools now build on each other. The provenance subjects are built from data in the SBOMs for exmpl

    Show this thread
    Undo
  17. Nov 17

    These are of course open for comments and suggestions. Let us know how we can improve the attestations. Some improvements are in the works/and or under discussion. Of note are digital signatures which are under discussion and will soon get an enhancement proposal of their own✍️🏽

    Show this thread
    Undo
  18. Nov 17

    Provenance attestations can now be downloaded for each release, they are in-toto statements with SLSA 0.1 predicates in them (v0.2 in the works!). To check out the provenance metadata, download the provenance.json file stored along the K8s source:

    Show this thread
    Undo
  19. Nov 17

    SLSA or Supply-chain Levels for Software Artifacts Is a security framework to secure software supply chains: These releases are now SLSA1 compliant from staging to release. This means that we can attest to the origin of the artifacts we are shipping.

    Show this thread
    Undo
  20. Nov 17

    November patch releases are out! v1.20.13 - v1.21.7 - v1.22.4 These releases are the first to be cut with the complete prototype SLSA 1 compliance code that Release Engineering has been building into our release process for the last few months. Some notes🧵👇🏽

    Show this thread
    Undo
  21. Retweeted
    Nov 17
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·