Open developer-guy opened 2 years ago
Description
I noticed that we have control over the sign command to decide whether we should upload an entry to tlog, when we specify force flag true, it'll bypass the control. So, couldn't we have to do it for the sign-blob command too?
cc: @dlorenc
does it make sense? @dlorenc @mattmoor 🙋🏻♂️
+1, I think @sabre1041 started on something similar.
Dupe of https://github.com/sigstore/cosign/issues/1373
Description
I noticed that we have control over the sign command to decide whether we should upload an entry to tlog, when we specify force flag true, it'll bypass the control. So, couldn't we have to do it for the sign-blob command too?
cc: @dlorenc