On 2024-03-31 04:22, Santiago Ruano Rincón wrote:
> I don't see the real benefit.
>
> As others have said, the best solution is to rely on HSM for handling
> the cryptographic material.

That's extremely important (which is why I use an HSM), but that "just" prevents exfiltration of the keys. An attacker could still simply modify dpkg-buildpackage or any other part of the toolchain to inject malicious code into one's builds, which one then signs.

As to the benefits, containers can do a lot that you probably couldn't do directly on your host. As an example, setting up/tearing down complex environments emulating multiple hosts. A more obvious example is developing for any environment that is not unstable. With containers, basically all you have to do is swap the name of the base image.

Best,
Christian

(Santiago, sorry for sending it twice)