Hayden B
Hayden B
Closing as we push out a v3 release.
How do you see this being consumed by a verifier? A verifier doesn’t know the URL of the signing service in most cases because verification should be entirely offline. In...
Seems correct, just want to avoid any breaking changes on the verification path.
We don't need to continue to support anything that's been deprecated.
Rather than simply output Verified OK, I'd rather look at structuring the output to be machine readable, and contain information about what steps were taken during verification (key vs cert,...
Yea, there was a brief outage over the weekend, still investigating root cause.
We're having an outage at the moment, this appears to be due to our cloud provider, not Rekor itself. We'll update as there's more information.
GCP's issue appears to have been resolved, requests are now succeeding.
We ran into this in https://github.com/sigstore/timestamp-authority. See the release GHA - https://github.com/sigstore/timestamp-authority/blob/main/.github/workflows/release.yaml The GHA first creates a draft release with the binary assets, and then runs the provenance generator. The...
Thanks, doing that here! https://github.com/sigstore/timestamp-authority/pull/215