Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature verification for custom plugins #372

Open
3 tasks
Tracked by #371
lahabana opened this issue Jun 24, 2024 · 0 comments
Open
3 tasks
Tracked by #371

Signature verification for custom plugins #372

lahabana opened this issue Jun 24, 2024 · 0 comments
Labels
area/feature New feature or request

Comments

@lahabana
Copy link

Problem Statement

The engineering brief in #371 covers paths for verifying signing plugins but it was intentionally removed from the scope.
This covers implementing a way to verify OCI images which are signed.

We need to decide if we support cosign, notary or both.

Proposed Solution

This brief: https://docs.google.com/document/d/1-gYEaf_31BR_QXmZXNhy0bOrXYJ4X_cXobQ_vbLDIhE/edit

Acceptance Criteria

  • Decide which signing verification we support.
  • A user can verify a signed OCI based plugin
  • Documentation is added
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lahabana