dimitar-dimitrow
commented
11 months ago The focus has changed and signed image verification is implemented with notation-go instead of sigstore/cosign, for more information check this comment. The notation project specifies it's Trust Store and Trust Policy Specification, the path to the trustpolicy document is already provided by container-management daemon flag and no additional changes are needed in CLI and Things.
Signature verification must be possible through CLI and Things interfaces as well. For more information check - #67.