Open inglor opened 5 months ago
Hi @inglor, we've been discussing similar ideas in the past; there is an open RFC to integrate with Cosign. From this RFC, some new ideas came up, like the prepare operation:
We are happy to get some help or ideas, or if you want to keep working on the previous RFCs, that will be great.
This is probably similar to or duplicating #268
I think you misunderstood the request. This is about signing the release tag of this repository with a PGP key. No new feature request for pack itself :) I just couldn't choose a category other than feature.
Oh! Sorry about that @inglor, then I think it is similar to or duplicating this one: #934 :)
Yes - I'll move discussion there.
As per the suggestion on https://github.com/buildpacks/pack/issues/934#issuecomment-2073618114, re-opening this.
Description
Consider signing tags of releases
Proposed solution
As the package maintainer of Arch Linux, I would appreciate it if you could help maintain the chain of trust with PGP signatures on commits/tags. This can be handled from the Arch Linux build tools, which can automatically validate the PGP public key of the author of the commit/tag.
Describe alternatives you've considered
N/A
Additional context
N/A