-
**Description**
I have described how we are trying to use Cosign [here](https://github.com/sigstore/cosign/issues/1554#issuecomment-1256109541), but in short, we provision identity certificates to …
-
Hello, I noticed this project uses PGP signatures and wanted to make you all aware of [my proposed PEP](https://peps.python.org/pep-0761/) for deprecating PGP signatures in future Python versions. Ple…
-
This issue is meant to capture what integrations between cosign/keyless signatures/rekor and RPMs are desired by the community. Some of these may eventually become enhancement requests either in this …
-
When using dynamic users (`alwaysusedynamicusers`) I have trouble adding gpg keys.
When building a package which uses gpg to verify integrity I get `(unknown public key ...)`. Running `gpg --recv-k…
-
Currently, when `COSIGN_EXPERIMENTAL=1` is set, content is always published to rekor. However, when `--upload=false`, it should be possible to not only support storing image signatures and certificate…
-
### What would you like to be added (User Story)?
We are already signing our images with cosign, and this issue tracks the signing of `clusterctl` binary with cosign.
This will be followed by docum…
-
Hi! 👋
I'd like to thank everyone who has ever worked on this library, as it has helped me build things I wouldn't have built otherwise.
After years of using it, I understood XML Signatures bett…
-
According to https://github.com/theupdateframework/specification/blob/master/tuf-spec.md the TUF reference implementation only supports rsassa-pss-sha256, ed25519 and ecdsa-sha2-nistp256 - is this tru…
-
Sublinear ring signatures have been proposed before in multiple contexts and settings, including bilinear pairings and LWE approaches, and so on. For implementation, we must look at the _total time to…
-
**GitHub username:** --
**Submission hash (on-chain):** 0xe3c62c6546edd8b652a731dbcbaff6f24d971a29fe18cdbb29ce88ff9487b030
**Severity:** high severity
**Description:**
## Impact
The function `permit…