Hayden B
Hayden B
Will be obsolete with Rekor v2.
Would we want to have this only under the `--new-bundle-format` path, given that I assume we'll want to use the new sigstore-go compatible verifier? It would also decrease the number...
We should update documentation to state that the SAN will not match the subject and comes from a value defined by the provider implementation or configuration. In thinking about Fulcio...
We are not accepting breaking changes to this stable library at the moment. This is a reasonable proposal but one which we would want to tackle when there are more...
Also flagging that `cosign tree` has not been updated.
Also https://github.com/sigstore/cosign/issues/4553, `cosign triangulate`
@dependabot rebase
@dependabot recreate
To avoid breaking any clients, then we'll need to continue to assume that RSA-PSS is actually PKCS1v1.5. We can add new fields for RSA-PSS and PKCS1v1.5 and deprecate the current...
Hey, we'll actually fix this in a future Fulcio major version, but for now, we can just add a comment to the algorithm enum that says this is actually RSA...