Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign releases with sigstore #923

Open
fridex opened this issue Nov 1, 2021 · 10 comments
Open

Sign releases with sigstore #923

fridex opened this issue Nov 1, 2021 · 10 comments
Assignees
@mayaCostantini
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance.

Comments

@fridex
Copy link
Contributor

fridex commented Nov 1, 2021

Is your feature request related to a problem? Please describe.

As a user of Thoth, I would like to make sure releases of thamos are signed so that I can be sure about advises it provides to me.

Describe the solution you'd like

Sign Thamos releases.

Additional context

We should start signing releases of our components. We can start with user-facing parts, but also libraries running in the backend should be signed to make sure the whole application is secure.
@codificat
Copy link
Member

/kind feature

@sesheta sesheta added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 2, 2021
@fridex fridex changed the title Sign releases with cosign Sign releases with sigstore Nov 2, 2021
@codificat
Copy link
Member

Related: thoth-station/core#345

@goern
Copy link
Member

goern commented Dec 21, 2021

/priority important-longterm

@sesheta sesheta added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Dec 21, 2021
@sesheta
Copy link
Member

sesheta commented Mar 21, 2022

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@sesheta sesheta added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 21, 2022
@mayaCostantini
Copy link
Contributor

https://github.com/trailofbits/sigstore-python

@goern
Copy link
Member

goern commented Mar 24, 2022

/remove-lifecycle stale
/priority important-soon
/remove-priority important-longterm

@sesheta sesheta added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Mar 24, 2022
@sesheta
Copy link
Member

sesheta commented Jun 22, 2022

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@sesheta sesheta added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 22, 2022
@mayaCostantini
Copy link
Contributor

/remove-lifecycle stale

@sesheta sesheta removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 22, 2022
@mayaCostantini
Copy link
Contributor

/sig stack-guidance

@sesheta sesheta added the sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance. label Jun 30, 2022
@codificat
Copy link
Member

A couple of related references:

@mayaCostantini mayaCostantini self-assigned this Aug 11, 2022
@codificat codificat moved this to 🆕 New in Planning Board Sep 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mayaCostantini mayaCostantini

Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/stack-guidance Categorizes an issue or PR as relevant to SIG Stack Guidance.
Projects
Planning Board
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
5 participants
@goern @codificat @fridex @sesheta @mayaCostantini