Simon Kent

On making verify shard aware: verify uses search to find entries by index or uuid and that API also needs to be updated to be shard aware. See https://github.com/sigstore/rekor/issues/892.

Regarding the proposal around seamless updates, is it rollback safe? i.e. if something goes wrong with the new Rekor deployment during the roll out or for some window after the...

For anyone picking this up (especially "good first issue" folk) loop in fulcio and rekor people for a review to make sure cosign only retries for retriable errors. Retrying errors...