Hayden B
Hayden B
Closing as device flow has been enabled.
For some context, I tried to work around this issue awhile ago by copying in files from certificate-transparency-go (https://github.com/sigstore/cosign/blob/f2c360eb97e52fa7766ecde370f1a48b910d7404/cmd/cosign/cli/fulcio/fulcioverifier/ctutil/ctutil.go) to avoid pulling in glog.
There are no current plans to include the Fulcio root in the macOS or Windows trust stores. The way that Sigstore manages and updates its roots of trust through [TheUpdateFramework](https://theupdateframework.io/)...
Thanks Zach, yep, that's pretty much it! The other thing would be reading all entries in the log to see if there's any that would be affected by this change....
Yes, because it's a breaking change. I'm not concerned about its impact on GA, just making a post 1.0 change. Planning on doing this very soon.
Working on this now, and making the change to the username format.
Following along, it looks like customizable audiences isn't coming in 15.0 - https://gitlab.com/groups/gitlab-org/-/epics/7335
To be in sync with GitHub Actions-bound certificates, we'd also want to include information about the CI workflow that was run. I believe that's `pipeline_id` or `pipeline_source`.
Work is complete
The gRPC test suite [code](https://github.com/sigstore/fulcio/blob/main/pkg/api/grpc_server_test.go) is fairly thorough. It tests all endpoints with different types of issuers. For each supported issuer for the production environment (email, SPIFFE, GitHub and K8S...