Hayden B
Hayden B
@steiza https://github.com/sigstore/cosign/issues/3700 for tracking `--trusted-root`.
For identity flags, are they under https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/verify.go#L113?
I am very supportive of adding support for the trusted root format in Cosign. The only regression to consider is for private instances that have deployed their own TUF repos...
@bkabrda https://github.com/sigstore/cosign/issues/3927 is the current proposal for using the bundle format with `cosign sign`, PTAL!
We're going to call this done! Thank you to @steiza, @codysoyland and @cmurphy and any other contributors and reviewers for all of your work! > [P2] Separation of utilities in...
Sorry, just getting back to TSA issues - were you able to find a workaround, or is this still a feature you'd like implemented?
Hey all, lots of great discussion! A few thoughts, but as a tl;dr - This would be a significant overhaul not just to Sigstore but to its adopters, so I'm...
Offline chat from TDays conf: * Policy needs validity window - this is to ensure that old entries can be verified after policy changes. Policy would need to be additive,...
Use `go install github.com/sigstore/cosign/v2@latest`. Cosign at latest is v2, which requires the version to be specified in the package name.
Apologies, that does not fix it. Looking into it.