You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As part of this effort sigstore/cosign#2331, we're adding support for storing verification data from timestamp authorities (e.g. sigstore/timestamp-authority) into the current cosign bundle. That means users could use Rekor or a timestamp authority to verify its signed artifacts. However, the current cosign implementation assumes the bundle only contains Rekor data.
As a consequence, we decided to reuse the sigstore bundle format approved in this repository. This format would help us to extend the current RekorBundle into a more generic Bundle that could satisfy this new use case. At the same time, we should ensure this new Bundle type does not break the old format, and thus avoids backwards compatibility issues.
We've started proposing some changes in sigstore/cosign#2422 where @haydentherapper suggested to include the maintainers of this spec and decide about this new type.
The text was updated successfully, but these errors were encountered:
Description
As part of this effort sigstore/cosign#2331, we're adding support for storing verification data from timestamp authorities (e.g. sigstore/timestamp-authority) into the current cosign bundle. That means users could use Rekor or a timestamp authority to verify its signed artifacts. However, the current cosign implementation assumes the bundle only contains Rekor data.
As a consequence, we decided to reuse the sigstore bundle format approved in this repository. This format would help us to extend the current RekorBundle into a more generic Bundle that could satisfy this new use case. At the same time, we should ensure this new Bundle type does not break the old format, and thus avoids backwards compatibility issues.
We've started proposing some changes in sigstore/cosign#2422 where @haydentherapper suggested to include the maintainers of this spec and decide about this new type.
The text was updated successfully, but these errors were encountered: