-
## Context:
1. [rubygems/rfcs#37](https://github.com/rubygems/rfcs/pull/37): resistance to sigstore adoption based on concerns about privacy and "vendorization"
2. [#371](https://github.com/sigsto…
-
**Description**
I have described how we are trying to use Cosign [here](https://github.com/sigstore/cosign/issues/1554#issuecomment-1256109541), but in short, we provision identity certificates to …
-
**Description**
_This is something I've been marinating on for some time, but was driven to open a tracking issue by https://github.com/sigstore/sigstore/issues/384_
**Problem:** baking in every…
-
# Problem
Suspect the issue is with `cosign`:
```
Run echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
Generating ephemeral keys...
Retrieving signed certificate...
Error: signing [gh…
```
-
Since 1.15 inclusive, `kwctl` fails for `kwctl run` when obtaining the Sigstore trust root automatically (the default behavior).
This happens regardless of cleaning `~/{.config,cache}/kubewarden`.
…
-
Hey!
Very cool project, and we were curious about your SLSA leveling and roadmapping.
I believe this achieves SLSA 2 when creating attestations for a command that produces a build artifact, sinc…
-
**Description**
The [documented](https://docs.sigstore.dev/cosign/verify/#local-verifications) x509 certificate verification isn't working as expected. This is broken in two different ways at HEAD …
-
> The GitHub Actions runner now sets the CI=true environment variable by default.
Source: https://github.blog/changelog/2020-04-15-github-actions-sets-the-ci-environment-variable-to-true/
Wouldn't…
-
**Issue**
Fulcio configuration is a bit of an inconsistent experience right now for the end user and as a developer. From an operator perspective:
- The OIDC provider details live on a config f…
-
Copying from the doc, from @segiddins: this bullet has some inaccuracies in it:
* The leaf certificate has SANs, not a subject (the subject is empty, since we only use SANs)
* The leaf's SANs shou…