Riccardo Schirone

Results 274 comments of Riccardo Schirone

This is known :( I think I'd prefer to fix this by improving rz-pm so that you can install it that way instead of complicating the OBS builds. @Tachi107 would...

@Tachi107 that would be awesome!! Even more so, it would be great to have these packages directly in the official Debian/Ubuntu repos. OBS is a bit of a way around...

This is in progress, some work has already been done, it needs to be completed.

I'd say, to close this, at least the following needs to be completed:

- [ ] librz/bin/README.md
- [ ] librz/analysis/README.md
- [ ] librz/asm/README.md

@tetsuo-cpp you can see https://github.com/trail-of-forks/cosign/compare/support-ed25519ph...trail-of-forks:cosign:signing-algorithm-flag?expand=1 on how I might be using the registry in cosign. Hope it helps us define a good API!

> Overall LGTM. As a meta comment, my only reservation is it's hard to know if we've gotten the API right here without seeing this in use. I'm not really...

I think there might be some problems because cosign still uses a “hand-made” proof of possession instead of using the CSR, so there is no place where the full client...

See https://github.com/sigstore/fulcio/pull/1517/files#diff-648d47fb9eeb444c1a09095dd41e4012ee5aafcb37b712f7f3bf492d8410017dR146 for how the in-progress PR tries to handle this, but this works only if you assume that a given type of public key only has one type of...

Also, shall we assume ed25519-ph in Fulcio? There is no way to distinguish between ed25519 and ed25519-ph. Are both used by (some) clients, in some cases? This may pose other...

> ed25519ph is not one of the supported [algorithms](https://cs.opensource.google/go/go/+/refs/tags/go1.21.6:src/crypto/x509/x509.go;l=232). My understanding is because it was not specified in https://datatracker.ietf.org/doc/html/rfc8410 (it was in an earlier revision of the rfc).

Ok, this...