Jason Hall

> Also fine to stick one that _does_ consult the env var in sigstore/sigstore as long as it's not the only option. I just don't want to force that on...

I agree with Zack, callers of cosign methods will continue to get the same behavior with the env var, for better or worse. If they move to the s/s equivalent...

With #435 merged, our thoughts now turn to all the TODOs we'd left for a future date 😆 The env var issue was resolved by keeping that behavior in cosign,...

This is great! Longer term I'd like to think about splitting these out into separate repos (along with KMSes), and eliminating 'All` as an antipattern. Otherwise we run the risk...

This also starts addressing https://github.com/sigstore/cosign/issues/1867 🎉

I wonder if we should wait and just move these out to separate repos. That will result in a simpler history than having to go from e.g., sigstore/oidc-google -> sigstore/sigstore...

@priyawadhwa FYI It could be useful even just to sketch out what would config be needed for the operator to install and setup Chains. What inputs to the Operator would...

/remove-lifecycle stale /lifecycle frozen

> Was there a specific reason you want the package to be removed? Nothing specific exactly, but two broad categories of reasons: 1. an unmaintained repo, even a "feature complete"...

Re: caching, https://github.com/GoogleContainerTools/kaniko/issues/300 is the current best idea for enabling fast incremental builds in kaniko. To me, relying on dind means you simply cannot build on a Kubernetes cluster unless...