Dmitry Savintsev

> Hi, @dmitris thank you for contributing to kompose. As a first-time contributor, you first need to sign CNCF CLA. You can find more info in [#1488 (comment)](https://github.com/kubernetes/kompose/pull/1488#issuecomment-1067263458) thanks @kadel...

> @dmitris Is there any progress? @sergeyshevch sorry for the delay, the CLA is completed now.

@kadel could you re-trigger the build, would it help to get over the `golangci-lint` build failure? Thanks.

> @dmitris Is this ready for review? Or were you looking for more initial feedback for moving it out from draft? I was waiting for the initial feedback - I...

@haydentherapper marked as "ready for review" now. I thought about adding unit tests - but I believe the current implementation with the "big" `VerifyCommand.Exec()` method https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/verify/verify.go#L85-L316 doesn't make it easy...

@haydentherapper addressed your feedback except adding a test to e2e_test.go - will do this next

just a thought - wouldn't it be better to call the flag **`--trusted-roots`** (plural)? In case the user needs to provide multiple roots, it would be clear and intuitive from...

ok that's fine, thanks 👍

When looking further into the implementation, I realized there is likely a problem in terms of the possible intermediate certificates. It is not clear how the intermediate certificates would be...

Thanks for the comment @woodruffw! I can see the advantages of the "full cover" single `--trusted-root` flag (for example, it can include the TSA certificate as well) - but besides...