Ville Aikas
Ville Aikas
As part of: https://github.com/knative/eventing/pull/3450 (and the discussions around how to handle empty events...) Wanted to float by changing the behaviour of: https://github.com/cloudevents/sdk-go/blob/master/v2/binding/to_event.go#L23 For handling empty responses differently from a malformed...
# Expected Behavior The [tutorial here](https://github.com/tektoncd/chains/blob/main/docs/tutorials/getting-started-tutorial.md) to work. # Actual Behavior It does not seem to work for me. If I decode the payload with the base64 the `tlog` entry...
### Feature request I think we should verify the SCT coming back from Fulcio to ensure we're not being bamboozled by it. So here: https://github.com/tektoncd/chains/blob/main/pkg/chains/signing/x509/x509.go#L83 We call the fulcio.NewSigner, but...
Signed-off-by: Ville Aikas # Changes Currently when we create the validatingwebhookconfiguration, there's couple of wonky things with it: 1. Always includes status as a subresource and there are cases where...
As a follow on to #1548 @kkavitha and I chatted about some additional checks that we should be doing. For example, we should check the inline data to ensure inline...
**Description** As a follow on to the #1610 we should keep track of Rekor tree state and complain loudly (just like rekor-cli does) if things change.
Hey there, in Sigstore we use Trillian and we were wondering if these are the correct locations where the released containers go (there were questions, since they were under trillian-opensource-**ci**)?...
#### Summary Use newer version of theupdateframework/go-tuf, sigstore/sigstore https://github.com/theupdateframework/go-tuf/pull/397 https://github.com/sigstore/sigstore/pull/715 I'll add an e2e test once I can get the e2e test here (that I'll use this version of cosign...
**Description** We were having trouble upgrading to latest cosign because our license checks were failing here: https://github.com/sigstore/policy-controller/pull/236 Looks like there's a mismatch between what's being checked in cosign and in...
**Question** While I was looking at the #809 thought about how we might want to handle ephemeral containers. Just wanted to jot this down and see what folks thought about...