Dmitry Savintsev

Results 48 comments of Dmitry Savintsev

for reference, here's the output of running semgrep with the https://github.com/dgryski/semgrep-go ruleset: https://gist.github.com/dmitris/908a85d205249f2018f4688308fb5053 I would be interested in fixing them and also adding this to the CI checks, if possible...

current output (commit 4dc40058f8f117b39d975da83170bb45db6f67de):

```bash
$ golangci-lint run --disable-all -E staticcheck ./... |& tee /tmp/out
stored_requests/events/http/http.go:83:15: SA1015: using time.Tick leaks the underlying ticker, consider using it only in endless functions,...
```

I had a related experience and asked a question on [Slack](https://sigstore.slack.com/archives/C0440BFT43H/p1729613321322739):

```
a question about this error handling instance: https://github.com/sigstore/sigstore-go/blob/main/pkg/verify/tsa.go#L113-L116
// Ensure timestamp responses are from trusted sources
timestamp, err...
```

As discussed on the Sigstore Slack (#private-sigstore-users channel) - found a case causing a panic on nil pointer (the PR linked below has the details), raised a PR with a...

@tonecool try running `go mod why -m ` on the `` dependency you are interested in, also `go mod graph > /tmp/graph` and then `grep /tmp/graph`. Hope this helps! 😄

> Thanks! Can you rebase, that'll fix the failing CI

done, CI 🟢

Verification: the script https://github.com/dmitris/cosign-keyless/blob/main/verify-blob.sh fails with the trunk's version of cosign:

```bash
$ ./verify-blob.sh
Wrote signature to file README.md.sig
cosign verify-blob (with --certificate-chain): Verified OK
cosign verify-blob (with --ca-roots): Error:...
```

> https://docs.sigstore.dev/system_config/custom_components/

for reference, the current link is https://docs.sigstore.dev/cosign/system_config/custom_components/