We don't yet have a guideline regarding how language SIGs should sign the binaries that they release. We're seeing asks from multiple SIGs:
A possible solution would be sigstore, which is making good progress:
Additional info & ideas:
https://www.cncf.io/blog/2022/03/10/supply-chain-security-project-in-toto-moves-to-the-cncf-incubator/
Where to store the certificate?
Immediate solution: Publishing hashes for binaries we distribute?
Let me know where I can help. :)
@cpanato thank you! I think an OTEP would be a great starting point.
(@jsuereth FYI)
arminru