Akash Singhal
Akash Singhal
@BigVan Thanks for checking in. The current implementation is being optimized to include some new changes made to the ORAS go module. We will make the PR as soon as...
@Jamstah @sajayantony The proposal in general makes sense to me. In fact it's very similar to the implementation we were playing around with here: https://github.com/oci-playground/distribution. There are some notable differences:...
@Jamstah Thanks for the clarification. Makes sense now. Yeah now that I think about it, it's not a full scan because when deleting the referrer we'd know the referee so...
Here are the slides that we will be presenting in the meeting: [CNCF TAG Security Presentation - Ratify.pdf](https://github.com/cncf/tag-security/files/15087573/CNCF.TAG.Security.Presentation.-.Ratify.pdf)
This would solve #1131
@malancas thanks for looking into this issue. I am running into the same issue. Is there an update on the fix?
> @malancas I have no idea about GO and only a little bit about cryptography, but as far as I can see, when verified locally, the error is thrown here:...
@malancas I decided to test the hypothesis that the ASN.1 encoding was causing the issue. I manually unwrapped the ASN.1 encoding from the sig before passing to the cosign RSA...
@yizha1 we are blocked by this. Azure sdk for go has limitation on the Refresh Token Client not being exposed on latest sdk. We cannot upgrade to latest stable sdk...
Preliminary discussions with @susanshi revealed this issue has overlapping requirements with multiple auth provider support with wildcard registry host matching.