You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We want to ensure that the images we build are built by the Github CI, and from a job related to the freedomofpress/dangerzone repository.
Attestations should be available on the Github Container registry.
Interesting to note:
The Cosign Bundle Specification explains how image attestations are to be represented as OCI artifacts, and attached to the container registry. This is what's being used via cosign attest
Currently the Attestation Specification is used, which uses Layers to represent attestations and annotations to specify the verification material.
The cosign bundle spec is sigstore/cosign#3889 in cosign but this isn't done yet.
The text was updated successfully, but these errors were encountered:
almet
added
the
icu
Issues related with independent container updates
label
Jan 30, 2025
We want to ensure that the images we build are built by the Github CI, and from a job related to the
freedomofpress/dangerzonerepository.Attestations should be available on the Github Container registry.
Interesting to note:
The Cosign Bundle Specification explains how image attestations are to be represented as OCI artifacts, and attached to the container registry. This is what's being used via cosign attest
Currently the Attestation Specification is used, which uses Layers to represent attestations and annotations to specify the verification material.
The cosign bundle spec is sigstore/cosign#3889 in cosign but this isn't done yet.
The text was updated successfully, but these errors were encountered: