Open udf2457 opened 3 weeks ago
Previous request #4553 seems to have been silently brushed under the carpet by the stalebot.
Previous request was also two years ago. In the intervening period, the tooling has become more robust and easier to implement.
Therefore I am re-opening a request to add SLSA provenance to your releases.
It is easier than ever to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/
Previous request #4553 seems to have been silently brushed under the carpet by the stalebot.
Previous request was also two years ago. In the intervening period, the tooling has become more robust and easier to implement.
Therefore I am re-opening a request to add SLSA provenance to your releases.
It is easier than ever to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/