arkade
Feature request: Prevent download of unsigned binaries from arkade get
Expected Behaviour
Maybe we could provide an option, as Docker did with its Content Trust feature (the DOCKER_CONTENT_TRUST variable), to enable downloading binaries if the binary was signed, then verify it before downloading it.
Current Behaviour
Not supported
Are you a GitHub Sponsor (Yes/No?)
Check at https://github.com/sponsors/alexellis
- [ ] Yes
- [x] No
Possible Solution
We could use cosign for that too.
Steps to Reproduce (for bugs)
Context
Your Environment
- What Kubernetes distribution are you using?
kubectl version
- Operating System and version (e.g. Linux, Windows, MacOS):
uname -a
cat /etc/os-release
- What arkade version is this?
arkade version
This issue needs fleshing out with more context.
Why? What's the use-case?
Pros/Cons of adding and maintaining this solution
How you plan to determine, for a given binary tool, whether "the binary was signed", etc.
/set title: Feature request: Prevent download of unsigned binaries from arkade get
/add label: enhancement
Closing due to lack of interest from community.