Hector Fernandez
@malancas once this PR gets merged https://github.com/sigstore/community/pull/669, please rebase your PR.
@falcorocks There are some lint issues here. Could you fix those?
@helixplant Thanks for sharing all these details about these new decisions. However, I could not find any answer about why GitHub advisories accepts any vulnerabilities affecting the Go Std Library....
Hello @BerndFarkaDyna Yes, it is correct that the version is removed from the signature. Have you tried to use `VAULT_KEY_PREFIX`? You could replace the hardcoded/default value `vault:v1` by `vault:v3`...
@BerndFarkaDyna Indeed, it opens some valid use cases here.
@BerndFarkaDyna That is a good question. Is there a way to get the last version? Why would I want to use a rotated version of my key?
@dlorenc I believe we need your opinion about this ☝🏻? wdyt?
> For bundle identification, could we also have different artifact types for each use case, something like application/vnd.dev.sigstore.bundle+json;version=0.2;predicate=slsa/v1? I like what @haydentherapper mentioned here. Definitely I wouldn't rely on having...
@evankanderson We have https://github.com/sigstore/helm-sigstore. I think this is what you were looking for.
@evankanderson I don't know if we haven't done that to be honest.