There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. - Source: Hacker News / 3 months ago

EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users. Source: about 1 year ago

There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used. Source: almost 2 years ago

> The server can at any time start serving malicious payloads True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different). In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers... - Source: Hacker News / about 2 years ago

Something like a browser extension for this does already exist, fortunately: https://github.com/tasn/webext-signed-pages. - Source: Hacker News / over 2 years ago

None of these are a replacement of Terraform Cloud (recently rebranded to HCP Terraform). For example, when you create a PR, it could affect multiple workspaces. The new experimental version of TFC/TFE (I refuse to call it HCP!) implements Stacks, which is something like a workflow, and links one workspace output to other workspace inputs. None of the open-source solutions, including the paid Digger [0], support... - Source: Hacker News / 28 days ago

I'm part of the founding team at Digger, an Open Source Terraform Enterprise alternative. For the past few days, I have been wanting to talk about why the usual metrics in Commercial Open Source just don't cut it anymore. Source: 11 months ago

Depending on the organisation, it is not always a good idea to make assumptions on what another team will be doing to use your module. Don't get me wrong, there are attempts at making cross-platform workflows like digger.dev, or RedHat who have recently released an ansible playbook that runs terraform (so in theory you'd only need ansible then) but at the very minimum, be aware if you tightly integrate your... Source: about 1 year ago

We are building an open source terraform cloud alternative (https://digger.dev/) and are looking to start a bounty program. Source: about 1 year ago

Digger Low code tool that can generate infrastructure for your code in your AWS account. So you can build on AWS without having to learn it. 🔗 http://digger.dev. - Source: dev.to / almost 2 years ago