We (@developer-guy) thought that we can add cosign support in the boilerplate. Similar to how GitHub did for Action starter workflow. ^1 So that developers can sign their extensions (+ images) by default. Leveraging this gives your users confidence that the extensions they got from Docker's extension market was the trusted code that you built and published.
Furthermore, we can add a signed icon in the Docker Extension UI like how ArtifactHub did as follows:
We (@developer-guy) thought that we can add cosign support in the boilerplate. Similar to how GitHub did for Action starter workflow. ^1 So that developers can sign their extensions (+ images) by default. Leveraging this gives your users confidence that the extensions they got from Docker's extension market was the trusted code that you built and published.
Furthermore, we can add a signed icon in the Docker Extension UI like how ArtifactHub did as follows:
cc @dlorenc @cpanato