Today on the Sustain Podcast, we have a very special guest, Dan Lorenc, who is a Staff Software Engineer and the lead for Google’s Open Source Security Team. Dan founded projects like Minikube, Skaffold, TektonCD, and Sigstore. He blogs regularly about supply chain security and serves on the TAC for the Open SSF.
Dan fill us in on how Docker fits into what he’s doing at Google, he tells us about who’s running the Open Standards that Docker is depending on, and what he’s most excited for with Docker with standardization and in the future. We also learn a little more about a blog post he did recently and what he means by “package managers should become boring,” and he tells us how package managers can help pay maintainers to support their libraries. We learn more about his project Sigstore, and his perspective on the long-term growth of the software industry towards security and how that will change in the next five to ten years.
Go ahead and download this episode now to find out much more!
Sustain Episode 93: Dan Lorenc and OSS Supply Chain Security at Google