Hayden B
Hayden B
> What's the requirement for this? Proving ownership of an underlying identity, though I don't think it's a hard requirement. We can never know for certain that hayden@gmail provided by...
Fixed as of https://github.com/sigstore/fulcio/pull/1447. Please file any issues or propose changes if you have any concerns with the proposed policy. FYI TSC, since there was interest in this list -...
@priyawadhwa @lkatalin Is this still an open task?
Was this completed?
@asraa good to close, this seems outdated?
If you want, we can leave open as a candidate for "good first issue".
Can we close this? Golang's crypto library isn't FIPS compliant without being recompiled and using boringssl instead, and that seems like a risky change to take on
Spent a little bit of time digging into this issue: * RPM packages use the OpenPGP V3 signature format - See the [documentation](https://access.redhat.com/articles/3359321#:~:text=gpg2%0A%25__gpg_sign_cmd%20%25%7B__gpg%7D%20gpg-,%2D%2Dforce%2Dv3%2Dsigs,-%2D%2Dbatch%20%2D%2Dverbose%20%2D%2Dno%2Darmor). While I know nothing about the format,...
Hey, thanks for looking into this! Ideally we would continue to support V3 signatures, but if Red Hat has moved over to V4, maybe now is the time to switch....
Can this be closed in favor of the hashedrekord type, or did we want a dedicated type for this still?