-
It's becoming clear that we're not telling a consistent story about "Fulcio identities." I filed https://github.com/sigstore/cosign/issues/1947 to address the fact that I've seen a number of instances…
-
**Description**
It would be nice to be able to specify which release version of the components should be stood up, for example:
https://github.com/sigstore/cosign/pull/2402#issuecomment-1301150996…
-
**Description**
There is currently no log monitor for Fulcio's CT log (ctfe.sigstore.dev). We should implement support for querying an RFC6962 API, for monitoring consistency and verifying ident…
-
it may be a useful component for others to create provenance with the same format across GH builders.
See https://github.com/sigstore/fulcio/issues/754#issuecomment-1227505585
-
I think these are all fine as incremental improvements. If I'm allowed to dream big:
--------------------------------------------------------------------------------
My overall philosophy here i…
-
Thanks to @EthanHeilman for the idea and sketch of how it might work.
Proof of concept plan:
1. Write/find code for [GQ signatures](https://crypto.stackexchange.com/questions/16015/proving-the-p…
-
**Description**
Define release cadence for:
- rekor
- cosign
- fulcio
- sigstore
With that, we can publish the expected release dates for the community and also we can track the PR/Issues …
-
Hi @mayaCostantini, the guide which you wrote is very helpful for local sigstore setup.
I have configured the keycloak and fulcio as mentioned, but I'm getting the below error.
main.go:74: error…
-
**Description**
See https://github.com/sigstore/fulcio/issues/955
The same goes for email: emails could be reused. For instance, suppose someone drops their gmail account, and somebody else creates …
-
Right now a typical OIDC Issuer config would look like this:
`
"https://keycloak.local/sigstore-realm": {
"IssuerURL": "https://keycloak.local/sigstore-realm",
…