James Alseth

Results: 31 comments by James Alseth

PKCS#11 is a standard API for communicating with hardware crypto modules. HSM vendors provide a PKCS#11 module, which is a shared library that exports the expected functions, and then handles...

I would use PKCS#11, so I'd like to see support for it added to cosign, but like I said as long as cosign supports crypto.Signer that's what really matters as...

@srenatus `securityContext` can be set at both the Pod and Container level. They map to `PodSecurityContext` and `SecurityContext` types respectively which have different options. In this case though, the policy...

Hello, thanks for filing this. I don't see a benefit this provides over using the existing `warn` and `deny` rules (example below), and it would have a major downside of...

> it's possible to do that today, but it requires more custom code.

I'm not really following this part. If we implemented this, every other tool (such as one that...

Thanks for raising this. If you have the time, I'd welcome a PR to fix.

Closing this due to inactivity. Please feel free to reopen in the future.

Closing this due to inactivity. Please feel free to reopen in the future.

Where it makes sense, I think Sigstore public infrastructure should be agnostic on what is trustworthy and should defer to the client to build a verification policy. I would like...

I agree that it should be up to the client to implement a verification policy that suits its use case and that Fulcio should not try to solve what is...