Skip to content

Release 0.9.0
Compare
Choose a tag to compare
@woodruffw woodruffw released this 22 Dec 16:33
· 669 commits to main since this release
v0.9.0
This tag was signed with the committer’s verified signature.
woodruffw William Woodruff
SSH Key Fingerprint: EeRlzHThJexQSIWNa8tDW9bI11zXFJ+4cCY/kG/afBU Learn about vigilant mode.
62865f3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

[0.9.0]

Added

  • sigstore verify now supports --certificate-chain and --rekor-url
    during verification. Ordinary uses (i.e. the default or --staging)
    are not affected (#323)

Changed

  • sigstore sign and sigstore verify now stream their input, rather than
    consuming it into a single buffer
    (#329)

  • A series of Python 3.11 deprecation warnings were eliminated
    (#341)

  • The "splash" page presented to users during the OAuth flow has been updated
    to reflect the user-friendly page added to cosign
    (#356)

  • sigstore now uses TUF to retrieve its trust material for Fulcio and Rekor,
    replacing the material that was previously baked into sigstore._store
    (#351)

Assets 9
Loading