shouldUploadTLog control over sign-blob command and enable force flag

sigstore / cosign

Code signing and transparency for containers and binaries

Apache License 2.0

4.4k stars 541 forks source link

shouldUploadTLog control over sign-blob command and enable force flag #1356

Open developer-guy opened 2 years ago

developer-guy commented 2 years ago

Description

I noticed that we have control over the sign command to decide whether we should upload an entry to tlog, when we specify force flag true, it'll bypass the control. So, couldn't we have to do it for the sign-blob command too?

cc: @dlorenc

developer-guy commented 2 years ago

does it make sense? @dlorenc @mattmoor 🙋🏻‍♂️

dlorenc commented 2 years ago

+1, I think @sabre1041 started on something similar.

znewman01 commented 1 year ago

Dupe of https://github.com/sigstore/cosign/issues/1373