Matthias Glastra
Matthias Glastra
Good point. I am not able to verify but will try to keep changes to a minimum and rely on 32 bit instead of 64 which is possible for rpi...
Looked at my changes again. I think these changes just helped to update the image iso and allow us to run updates again. My rpi zero 2w did manage to...
We could sign the install script too. Allow that to be checked against `cosign verify-blob` and its signature. That is easy to document I believe and still allows the script...
@adityasaky I think your suggestion sums up the whole of this thread and a good description of installing based on release page would be best. Do you agree @adityasaky? A...
[Signing Release Artifacts KEP](https://github.com/kubernetes/enhancements/issues/3031) is in Beta status now. Status for beta is "Standard Kubernetes release artifacts (binaries, container images, etc.) are signed." this means that we are signing SBOM...
/remove-lifecycle rotten
Discussed this and the decision was to put the original chart from testifysec/carts into a chart folder in the archivista repo and update the readme with Deployment section.
I want to bump this with the general question on the governance structure of OpenSC. Is there somewhere this is described?
Would something like the OpenSSF or OWASP be able to be of help?
I reached out on the OpenSSF slack to ask what they offer. > Projects are OpenSSF Technical Initiatives that support the innovative delivery of security tooling and best practices to...