-
Could you add a GH action to wrap the latest into a Docker image and publish it here on GH? I'd like to pull that container for API tests then.
I have a workflow that I run for my "real-time-source…
-
**Description**
Sigstore integrations is a large topic that does not have any specific documentation. We need to create a user journey and documentation for those who wish to integrate Sigstor…
-
Sigstore has an RFC 3161 TSA now, and signers can request a TSR from it while signing.
During signing, this would probably look like:
1. Doing signing as normal;
2. Submitting a timestamp requ…
-
`--offline` disables all possible online operations, including routine TUF trust root updates. This is desirable for offline environments where trust is pre-established or established asynchronously, …
-
Hi,
I wanted to ask if the feature "Signing models" is also planned for the new Model Zoo.
The following issue contains more details for reference.
https://github.com/onnx/onnx/issues/4046
Th…
-
## summary
We've been thinking about how `gh at verify` works. We've realized that `gh at verify` is in effect used to evaluate policy – and that therefore we have to improve its user experience.
As…
-
**Description**
We are hosting our own Sigstore and have deployed both Rekor and Fulcio with RSA keys hosted in AWS. We are not signing container images but exclusively blobs through e.g.
```
c…
```
-
There is information related to user verification of Python release artifacts downloaded from python.org on the website [Downloads page](https://www.python.org/downloads/). Originally this info was ab…
-
**Description**
The [`ManualTrustRoot`](https://docs.rs/sigstore/0.9.0/sigstore/trust/struct.ManualTrustRoot.html) struct leaks the `rustls_pki_types::CertificateDer` type inside of its public API.…
-
Consider fuzzing the library and adding to OSSFuzz (see https://github.com/google/oss-fuzz/pull/12368 for `sigstore-python`)