slsa-github-generator icon indicating copy to clipboard operation
slsa-github-generator copied to clipboard
verified publisher icon slsa-framework

backport v0.0.2: add signing certificate to envelope (#330)

Open asraa opened this issue 3 years ago • 4 comments

  • add signing certificate to envelope

Signed-off-by: Asra Ali [email protected]

asraa avatar Jun 20 '22 16:06 asraa

I guess I can't merge against v0.0.2 tag...

asraa avatar Jun 20 '22 16:06 asraa

@asraa is this still relevant?

ianlewis avatar Sep 07 '22 01:09 ianlewis

Hey! Good question -- this was to fix the v0.0.2 builder, but we don't hav e a release branch that I was able to push the fixes to. We can close if we no longer want to support v0.0.2.

I believe Rekor is not including GA support of their Redis endpoint (https://github.com/sigstore/rekor/issues/1021). So it's important to note that v0.0.2 would be experimental without this patch.

If needed, I can create a branch off the v0.0.2 tag, and then merge this into that branch. But I think it's better to issue that as a v0.0.3 builder at that point. If it's not v1, I'm not sure we need to support.

asraa avatar Sep 07 '22 14:09 asraa

I think we can drop backport for < v1, as you say.

laurentsimon avatar Sep 07 '22 15:09 laurentsimon