Markus Rudy

Thanks all, that's great! I'm mostly interested in `net.cidr_contains` - looking forward to it...

> Would container image signature schemes such as `cosign` or `notation` not work for you? @rchincha: Thanks for pointing this out, I forgot to mention it in the use case....

Looks like we merged this as https://github.com/kata-containers/kata-containers/commit/1e466bf39c267ab81bcdec6a34d006b0b494a352, right?

Yes, and I think it should be two checks: 1. Does the `Docker-Content-Digest` match the returned body? 2. Does the requested digest match the actual digest? For (2), the spec...

Fyi, I proposed a clarification for the distribution spec in https://github.com/opencontainers/distribution-spec/issues/549.

> Here is a list of things Trustee doesn't do: > > [...] nor is it aligned with the relevant protection profiles for HSMs (including soft HSMs) > [...] HSM...

There's an incompatibility between `rules_nixpkgs` and the new Bazel version: ```data (22:51:34) ERROR: /home/runner/.cache/bazel/_bazel_runner/4bd40f54087e3e1007fe1e344c299a60/external/nixpkgs_cc_toolchain/BUILD.bazel:154:31: syntax error at '%': expected expression ``` ```bazel cc_toolchain_config( name = "local", cpu = "k8", compiler...

Renovate will then try to upgrade to non-released versions, too. Can we somehow specify the Bazel minor version to use in the dev shell instead (which is, I guess, what...

E2E: * [x] [GCP, 1.29](https://github.com/edgelesssys/constellation/actions/runs/11294759588) * [x] [Azure, 1.28](https://github.com/edgelesssys/constellation/actions/runs/11294763821) * [x] [AWS, 1.30](https://github.com/edgelesssys/constellation/actions/runs/11294768927)

> > Could it happen that a host has both devices? That would be a problem for users who want Hyper-V if we break here. > > I don't see...