-
This is not a fully defined feature request but I wanted to write this down before holidays...
I was testing if a sigstore client (sigstore-python) _really_ can choose the "sigstore instance" purel…
-
From #910:
> Given the root is present in the trusted root file, I would prefer we still validate it. The intermediate being shipped in the trust root is more of an optimization, letting us avoid d…
-
It should be _pretty easy_ to have a basic flow so CI created images can be signed, and verified on pull. Not sure what algorithm(s) / tools we should use? Accessibility is key, both IRL and in CI, an…
-
### aqua info
aqua v2.25.0
### Overview
aqua uses Cosign v1.
https://aquaproj.github.io/docs/reference/security/cosign-slsa/#verify-packages-with-cosign
Recently, Sigstore has published…
-
**バグの説明**
以下のエラーでイメージのプッシュができない。
```
Run echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
Generating ephemeral keys...
Retrieving signed certificate...
Error: signing [ghcr.io/kyn…
-
For a given trusted root (especially with sigstore public good), the fulio/ca instance should optionally be allowed to specify a(or many?) sigstore specific trusted oidc provider(s).
Why?
This all…
-
EDIT: this issue was originally reported with the name: *MySql container has (fatal) incorrect Schema Error on startup: [ERROR] Native table 'performance_schema' ... has the wrong structure*. I've sin…
-
When running `kwctl verify` as follows, mirroring a failure shown on integration tests in CI, I get:
```
2024-03-20T10:36:23.248610Z WARN kwctl: Cannot fetch TUF repository: TufError(ParseMetadata …
-
**Description**
Normally `e2e` test is triggered when pull request event is triggered. But for the testing purpose an developers needs to run e2e locally to see changes. On running e2e locally it thr…
-
TAP 8 proposal is available at https://github.com/theupdateframework/taps/blob/master/tap8.md
Pull requests related to TAP 8:
https://github.com/theupdateframework/taps/pull/20
Discussion of TA…