notation-go
A collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications.
The performance of this check is slow since it checks the media type after fetching the blob. `if len(remoteOpts.SignatureMediaTypes) != 0 && !slices.Contains(remoteOpts.SignatureMediaTypes, sigDesc.MediaType)` _Originally posted by @shizhMSFT in https://github.com/notaryproject/notation-go/pull/208#discussion_r1030094971_
**Summary** This is left over from https://github.com/notaryproject/notation-go/pull/191#discussion_r1018917400, but focuses on the behavior of `VerificationOutcome`. Currently it contains only the successful signature verification outcome. How about the failure outcome? As an...
**Summary** Implementing signature filtering according to "Filter signature artifact manifest" documented in https://github.com/notaryproject/notaryproject/blob/main/signing-and-verification-workflow.md#verification-steps **Intended Outcome** Signature filtering works as described in "Filter signature artifact manifest" **Additional context**
The plugin is an external binary which may generate very large command-line output, which will be loaded into memory by the notation-go library. Do we need a plugin output size...
As part of #77 (Refactor to use notation-core-go's SignatureEnvelope), we disabled time-stamping support for signing and verification workflows. **Action Required:** 1. Implement timestamping support in notation-core-go. 2. Enable timestamping support for...
Currently, `notation-go` and `notation-core-go` don't validate the content type of the payload as described in the [spec](https://github.com/notaryproject/notaryproject/blob/main/signature-specification.md#payload). As discussed in https://github.com/notaryproject/notation-go/pull/131#discussion_r979508855, create an issue here to discuss if we...
As defined in the [Notation verification workflow](https://github.com/notaryproject/notaryproject/blob/main/signing-and-verification-workflow.md#verification-workflow), Notation will support pushing and pulling signatures through the SDK capability of ORAS-go. It means notation-go has dependencies on the ORAS-go library. Currently, we are...
See https://github.com/notaryproject/notation-go/pull/72#discussion_r914513445
Had a discussion with @gokarnm on this and he suggested using a timeout as the restricting mechanism, which sounds more apt here. We should also modify the `VerificationOutcome` behavior to return...
We are using go-ldap for parsing Distinguished Names (DN) of a trust policy's `trustedIdentities` field. Although we are using a single function from this library, this dependency is bringing a bunch...