Hayden B
@dependabot recreate
@cpanato You're right, nvm, I saw that it had removed the modified files. Trying to figure out if this is a bug we need to report or if it's wai
We pushed the new release of Rekor to staging and ran into this. This is a blocker for releasing the new Rekor since we no longer allow the upload of...
This is likely an issue. Clients will need to update, so we will need to give them the time to do so. I think we should relax the restriction for...
Yep, the e2e tests would be a good place, or adding unit tests.
cc @asraa @laurentsimon curious what y’all think about this. We’ve had a similar conversation about additional metadata in the certificate for GHA workflows and decided that is more about provenance...
There's also some prior art for this representation of an identity with Istio certificates, which take the format `spiffe://trustdomain/ns//sa/`
I'll take a look early next week to give some more detailed comments around what I think is necessary and what's not for collecting entries from Rekor. Also we're looking...
I'd also check the Cosign security advisories, https://github.com/sigstore/cosign/security/advisories?state=published, since most of them involved bundle verification.