Explore the security and trustworthiness of Sigstore's keyless code signing service in this 27-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the Sigstore ecosystem, examining how it protects public infrastructure while adhering to core principles of openness. Learn about the trust root, key management requirements, and the implementation of The Update Framework (TUF). Witness a live demonstration simulating a real-life compromise of critical components to test Sigstore's resilience. Gain insights into the Sigstore Community Root, initial trust establishment, ceremony operations, and root management. Discover the Sigstore TUF target layout, client usage, integration, and ecosystem. Equip yourself with knowledge to understand and trust Sigstore signatures for enhanced software supply chain security.