Open stdedos opened 3 months ago
Question
Do https://github.com/sigstore/docs/blob/1c5c6c33e6161b99c6b0bd2d29419762cdc9aa88/content/en/system_config/installation.md#verifying-cosign-releases instructions apply to the With Go 1.20+ process too?
With Go 1.20+
Not that I am a paranoid tin-foiler; I don't see it hurting trying to verify something instead of TOFU.
Question
Do https://github.com/sigstore/docs/blob/1c5c6c33e6161b99c6b0bd2d29419762cdc9aa88/content/en/system_config/installation.md#verifying-cosign-releases instructions apply to the
With Go 1.20+
process too?Not that I am a paranoid tin-foiler; I don't see it hurting trying to verify something instead of TOFU.