Hayden B
Hayden B
We good to close this out? We won’t rename this library, and will focus on Sigstore-go
As discussed on issue, codecov now supports this.
Thanks for taking a look at this! Only concern is some of the swagger doc updates, though we saw something similar in https://github.com/sigstore/fulcio/pull/835, but I haven't had a chance to...
Correct! The transparency log should be sufficient for that case. Another option would be to persist token nonces to prevent reuse, but this would break some client use cases that...
Interesting RFC! Happy to chat more about it if you start work on reviving it.
We aren’t verifying the CSR subject currently, it’s just a vehicle for the public key. With this proposal, yes, we must verify both the subject and an extension in the...
You’ll need to sign the DCO in your commit and also add the federation file, which just requires a contact.
https://github.com/sigstore/fulcio/tree/main/federation thanks for the responses, I’ll follow up with any questions shortly
@ChevronTango Can you also update https://github.com/sigstore/fulcio/blob/main/config/fulcio-config.yaml? Would you be able to test this out too? Run `docker-compose build; docker-compose up`, or if you don't have docker-compose, `go run main.go serve...
You'll need to alphabetize the configuration