-
sigstore-python's internal key management is currently a bit of a mess. The following parties are at play:
1. TUF/the trust root/bundle: this is the ultimate source of all of our "a priori" key mat…
-
**Describe the bug**
According to https://github.com/actions/runner/issues/159, the issue where the `add-mask` workflow command echoes/leaks the secret was supposed to be fixed, but we still observe …
-
Currently, we could only have one securesign stack deployed per cluster because of the way the routes are defined. For example
```
kubectl get routes -n securesign
NAME HOST/PORT…
-
As a new contributor, I want to be able to easily determine what are the goals of the project, what is the long-term direction of the project, and what is actively being worked on.
To solve the fir…
-
Current TrustUpdater implementation (the tuf component in sigstore-python) always returns keys/certs that have status "Active". Verification should also use status "Expired". I'm not 100% sure if this…
-
It looks like `d.txt.good.sigstore`'s leaf certificate has an extension for `1.3.6.1.4.1.57264.1.8` (i.e. OIDC Issuer V2) but not `1.3.6.1.4.1.57264.1.1` (i.e. the original OIDC Issuer extension).
…
-
**Description**
I am trying to write some go code to run rootless buildah. I was trying to make it work by myself, but it wasn't successful. I read the docs and also did some fmt.Println in sourc…
-
**Description**
I have been following [this blog](https://blog.sigstore.dev/sigstore-bring-your-own-stuf-with-tuf-40febfd2badd/) to run a sigstore setup including Rekor, Fulcio, and TUF locally. Ev…
-
Hi,
I am trying to use this action in one of my self-hosted [ARC](https://github.com/actions/actions-runner-controller) runners, but I get this error:
`Error: Failed to get ID token: error in sec…
-
Don't know why, but if I try to pull the latest container image tagged `master`, then I got an image with `sha256:6d484a6467ee134caba0781fc64a9938a02481c035f11561644357477f7fa62a`. While the [latest o…