intelops / genval

Simplifies configuration management for a wide range of tools, including Dockerfile, Kubernetes manifests, and other infrastructure files.
Apache License 2.0

Add a command to verify the signatures from a list of trusted sources #145

Open santoshkal opened 1 month ago

santoshkal commented 1 month ago

Add a new verifier(?) command that validates artifact signatures by checking the issuer and subject fields in the signature. The command should allow interacting with artifacts only if they are signed by trusted sources. The users may define the trusted sources in a list or object format. If an artifact is not signed by an entity in the user's trusted source list, it should be denied.
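
An added sketch of the allowlist check this request describes; it is not genval code and not part of the original comment. It assumes the signature has already been verified cryptographically and that the issuer and subject were read from it. The `TrustedSource`, `Identity` and `CheckTrusted` names and the sample entries are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// TrustedSource is one allowlist entry (hypothetical type, not genval's own).
type TrustedSource struct {
	Issuer         string // compared exactly
	SubjectPattern string // regular expression, anchored at both ends below
}

// Identity is the issuer/subject pair read from an already verified signature.
type Identity struct{ Issuer, Subject string }

var ErrUntrusted = errors.New("signer is not in the trusted source list")

// sampleTrusted returns constructed entries for illustration only.
func sampleTrusted() []TrustedSource {
	return []TrustedSource{
		{"https://token.actions.githubusercontent.com", `https://github\.com/example-org/.+`},
		{"https://accounts.google.com", `release@example\.com`},
	}
}

// CheckTrusted returns nil only when one entry matches both fields; an empty list denies.
func CheckTrusted(id Identity, trusted []TrustedSource) error {
	if id.Issuer == "" || id.Subject == "" {
		return fmt.Errorf("%w: missing issuer or subject", ErrUntrusted)
	}
	for _, ts := range trusted {
		if ts.Issuer == "" || ts.SubjectPattern == "" {
			continue // incomplete entries never act as wildcards
		}
		re, err := regexp.Compile(`^(?:` + ts.SubjectPattern + `)$`)
		if err != nil {
			return fmt.Errorf("bad subject pattern %q: %w", ts.SubjectPattern, err)
		}
		if id.Issuer == ts.Issuer && re.MatchString(id.Subject) {
			return nil
		}
	}
	return fmt.Errorf("%w: issuer=%q subject=%q", ErrUntrusted, id.Issuer, id.Subject)
}

func main() {
	id := Identity{"https://accounts.google.com", "release@example.com.other.test"}
	fmt.Println(CheckTrusted(id, sampleTrusted())) // denied: subject only matches as a prefix
}
```

Issuer and subject are matched against the same entry, so a subject trusted under one issuer is not accepted when it is asserted by a different issuer on the list.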

santoshkal commented 1 month ago

@devopstoday11 PTAL