Hayden B
Thanks @ChevronTango! Since you have been using Gitpod, could you also test that this works using https://github.com/sigstore/fulcio/pull/1177#issuecomment-1556434098?
SG, thanks!
docker-compose should spin up the transparency log too. There should be some error message from Trillian about why the certificate couldn't be entered in the log. Otherwise, you can run...
Could be that the log failed to start up, sometimes it’s a little finicky. The easiest solution is with go run if docker compose isn’t working.
Moving to draft while there are ongoing conversations
Hey, thanks for opening this. To confirm, these tokens represent user identity (email), and not a machine/CI identity? Context: https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#requirements-to-support-signing-with-cicd-workload-identities This is a straightforward change if so. Can you add...
We also have a list of requirements for new providers, it’s a WIP but if you could, can you take a look and answer these questions - https://github.com/sigstore/fulcio/issues/397
One more question: is this something that will be automated or where a user is present? I ask because we have two options for where to add the new provider....
Something like:
```
func ToSignatureAlgorithm(signer crypto.Signer, hash crypto.Hash) (x509.SignatureAlgorithm, error) {
	pub := signer.Public()
	switch pub := pub.(type) {
	// only supports pkcs1.5, not PSS
	case *rsa.PublicKey:
		if hash ==...
```
Adding a bit more context to my comment in the other thread - This proposed change is solid technically, and if we were to start from scratch, this would be...