dlorenc
dlorenc
This would ease integration with Java and other tooling that expects timestamps in this format. We could expose two APIs: - A normal RFC3161 variant, where users send us a...
**Description** It would be great to have some tooling to automatically rebuild the redis index in case it gets behind the log or we drop entries. Right now we index...
cc @puiterwijk This would look like an entry in Rekor that includes a digest of a file that will be signed, and the public key that will be used to...
cc @puiterwijk This could include things like - RPMs which bundle signatures into a special header - Maven artifacts - The Windows PE file format - ELF xattrs
I poked around a bit and it appears we have two main options for metrics: Prometheus and OpenCensus. Trillian appears to support both as well: https://github.com/google/trillian/blob/master/monitoring/prometheus/metrics.go Here's what I'm hoping...
We could make some other types of (UNTRUSTED) feeds available to simplify integrations. * All entries could get sent to a public pubsub/kafka topic for others to use. * All...
There might be a few already we can pull from in the Trillian examples. It could be as simple as a bash for loop that tails one log with `rekor-cli...
e2e tests are not ideal right now, we only have them in the fulcio and cosign repos. We should add them here too where we can. We should figure out...
**Description** Sign (detached) blobs on gcs/s3/cloud storage. ``` sigstore sign (-key or not for keyless) s3://bucket/object Signing object hash abcdef123... Uploading signature to s3://bucket/abcdef123.sig Signature in Transparency Log at 3453....
In our CI systems, we should be sure to never do a download of packages. We've had a few instances where the fetch_or_download errored, and the script interpreted that as...