Add a new verifier(?) command that validates artifact signatures by checking the issuer and subject fields in the signature. The command should allow interacting with artifacts only if they are signed by trusted sources. The users may define the trusted sources in a list or object format. If an artifact is not signed by a entity in the users trusted source list, it should be denied.
Add a new
verifier(?)
command that validates artifact signatures by checking theissuer
andsubject
fields in the signature. The command should allow interacting with artifacts only if they are signed by trusted sources. The users may define the trusted sources in a list or object format. If an artifact is not signed by a entity in the users trusted source list, it should be denied.