Zack Newman
Fulcio is in a good position to record the public keys of the OIDC identity providers in a (separate?) transparency log. This would be nice to have for historical reasons.
To mitigate the risk of OIDC token replay, we could require proof-of-possession for the OIDC tokens. Two approaches: 1. [DPoPs](https://docs.google.com/document/d/1xLX6SroHMLltAc55DNlVtwQzKTw5uu6WMq9xL_1GTVA/edit) (you may have to [join [email protected]](https://groups.google.com/g/sigstore-dev)). Not ready yet. 2....
In the [Sigstore clients special interest group](https://github.com/sigstore/sig-clients) [meeting today](https://docs.google.com/document/d/1PNbBZSG3QC8hWVYBx6YDppaXwmSLDfx7t66ECaGa8y4/edit#heading=h.amx8uup2nogs), we discussed an [issue with the release signatures on CPython](https://github.com/sigstore/sigstore-python/issues/600). We have two recommendations for client libraries: 1. After signing, the...
Copied from https://github.com/vlaci/nix-doom-emacs/issues/9 > If user has [literate](https://github.com/hlissner/doom-emacs/blob/169eb2dadd121e7492fd691c74735be1b27f7486/init.example.el#L173) doom module enabled, support not having config.el and first tangling config.org.
@therealnb reported (in Sigstore Office Hours today) an issue where the Fulcio service account wasn't ready on the initial run. On a re-run it succeeded. This points to a race...
Currently, policy-controller lets you inline Rego/CUE policies. The alpha [Validating Admission Policies](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/) use [CEL](https://github.com/google/cel-spec) (which is really quite simple/fast) to validate resources. Would it be worthwhile to add support for...
The idea is to eventually be able to figure out the "secure way" to fetch every URL. So this would probably involve things like: - an ACME-style challenge to prove...
And handle differently-sized buffers better. ``` > make tcp ocamlbuild -Is src examples/tcp_echo_server.native -lflags -cclib,-luv -tag debug -cflag -g Finished, 0 targets (0 cached) in 00:00:00. Finished, 50 targets (50...