asraa
We enable for v2+, which is where support started. Right now it's v2.1 to include the git+, but we can backport that to v2.0
I filed an issue, yes https://github.com/slsa-framework/slsa-verifier/issues/520
I think I meant v14 - this was an issue to stop using hardcoded versions for the verifier e2e tests (so we don't test for exactly v14/v14.2/v13.0.30) - if it's...
Just to CC @sbian3 @Lavendes
Hey @Lavendes, Thank you for the spec! Two quick questions about it 1. Where is the constant offset for the linear combo of the HomGate? Is it contained in...
> IMO, the newer style of encodings are quite a bit simpler. I wonder if there's a way we can all use the newer kind. Is the encoding really any...
> identity and email if the identity is not an email address. I wonder if this could also be an input. Imagine that I want to sneakily monitor for things...
> Another thing which occurs to me is that it might be helpful for the VerificationResult to surface the Fulcio certificate extensions (in the case where the verification is successful)....
> One concern for this is that if the verification result with parsed extensions gets persisted and later used for verification, it's susceptible to compromise/mutation. I would find it surprising...
> (would we ever want to return these if the verification wasn't 100% successful)? No :D because no one should use it. But actually I'm just kidding: I believe ArtifactVerificationProperties...