Robert Pająk
Robert Pająk
Should be OK for: - https://github.com/open-telemetry/opentelemetry-go - https://github.com/open-telemetry/opentelemetry-go-build-tools - https://github.com/open-telemetry/opentelemetry-go-contrib
The code signing is (usually) done using [SignTool.exe](https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe). AFAIK the certificate used for code signing should be available in Personal Information Exchange (PFX) format. AFAIK http://timestamp.digicert.com/ is a commonly used...
> I think this is a good topic for [SIG security](https://github.com/open-telemetry/community/issues/1333) to figure out. The issue was created because of the discussion we had during the SIG security meeting. I...
nit: > It adds more [...] responsibilities to that group Shouldn't each "sponsor-to-be" acknowledge that they want to be a sponsor (e.g. by asking for an approval)?
@codeboten Updated
I learned that for dependabot the secrets needs to be additionally added to "Dependabot secrets". I think it may be more pragmatic to generate an organization-wide token in https://app.codecov.io/account/gh/open-telemetry/org-upload-token and...
@arminru `CODECOV_TOKEN` is missing as **Dependabot** organization-wide secret. Because of this we cannot merge any of the following PRs created by Dependabot: https://github.com/open-telemetry/opentelemetry-go-build-tools/pulls/app%2Fdependabot
@arminru Thanks. Closing.
I created issues for bridges for other logging libraries that are very popular: - https://github.com/open-telemetry/opentelemetry-go-contrib/issues/5191 - https://github.com/open-telemetry/opentelemetry-go-contrib/issues/5192 - https://github.com/open-telemetry/opentelemetry-go-contrib/issues/5193