Closed iamsamirzon closed 2 years ago
Question: Should Notation allow use of standard trust stores available on operating systems?
PR for workflow: https://github.com/notaryproject/notaryproject/pull/122
Question: Should Notation allow the use of standard trust stores available on operating systems?
IMO the better approach would be to have a list of publicly trusted codesigning certificates and allow the user to use that. If required, we can add support for trusting codesigning certificates in the OS trust store.
This related PR for public signature is part of the signature verification process. https://github.com/notaryproject/notaryproject/pull/132
The above PR can be closed independently in the notaryproject as a standalone item. It is not a blocker for closing this roadmap item.
@SteveLasker - This is ready to be closed now that https://github.com/notaryproject/notaryproject/pull/122 is merged.
Summary
Cover the Trust Store and Trust Policy usage

Intended Outcome
The specification PR is merged

Additional context
This is in baseline implementation for alpha release, but need to ensure specification is well defined. Should support verifying any registry artifact like SBOM and vulnerability scan results