linneman labs
provenance / supply chain
fulcio · rekor · tesseract · dual-signed bundles
2026.03.20
Modeling hackerbot-claw Against My Own CI/CD
A single pull_request_target misstep turns a trusted GitHub workflow into a supply-chain backdoor.
2026.03.18
Running Your Own Transparency Infrastructure
The full Sigstore trust stack, self-hosted from a YubiKey CA up. No public good instance required.