dlorenc
dlorenc
Go doesn't support look-ahead assertions so I did this out of the regexp.
Hey, I'm trying to figure out how to use this library, and I'm having some trouble. I've gotten 9ps to run, but I can't get anything to connect to it....
At one point we had actual names in the CODEOWNERS files, but that switched at some point to point to a GitHub team in each repo. That works fine, but...
Hey All, This is a tracking bug for the overall sigstore public key ceremony, which we'll use to establish a TUF trust-root for all sigstore signing. The design for that...
Maybe we can add a page here with a list of everyone running mirrors, auditors, monitors, etc. People can add their own!
Similar to ca-certs, we should package this up and make it easy to install and check against!
**Description** OCI registries are great - but right now they're not completely universal no matter how much I wish :) I think over time we could try to support safely...
**Description** Signing with a fixed key is still sometimes the best answer, depending on availability and privacy tradeoffs. The transparency log was designed to help make this even safer. I...
**Description** It looks like the code is limited to text/plain today. Tarballs, binaries, and other formats are commonly curled, unpacked, and executed without any verification as well. I think sget...
**Description** The golang sget tool and doc allowed for pulling unsigned binaries/scripts/tools as long as they are pinned by digest. I think that behavior is still very useful and can...