We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Description See this PR: https://github.com/sigstore/root-signing/pull/773/files#diff-411f5cc22c155801c5fd2fe49b6e5152a541cce0f8ae8b1b8b0ddc83c0d50314R1
Some ideas from the top of my head:
cc: @asraa @haydentherapper
Version Latest main as of signing ceremony that started at 2023-04-04
main
The text was updated successfully, but these errors were encountered:
Store the POP signatures outside the staged repository in a designated folder
This is probably a good idea! Similar to the way we have keys subfolder.
keys
Sorry, something went wrong.
I wonder if we could use git notes store these in the git repository for potential long-term reference without storing them in the file tree?
git notes
+1000!!!!
Figure out another method to represent the POP signature.
The repository can effectively require POP by requiring that a signing event that adds new keys always has to have metadata signed by those keys.
No branches or pull requests
Description
See this PR: https://github.com/sigstore/root-signing/pull/773/files#diff-411f5cc22c155801c5fd2fe49b6e5152a541cce0f8ae8b1b8b0ddc83c0d50314R1
Some ideas from the top of my head:
cc: @asraa @haydentherapper
Version
Latest
main
as of signing ceremony that started at 2023-04-04The text was updated successfully, but these errors were encountered: