-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: cosign support for release binaries #436
Conversation
can you add related docs for verification along with how it will be integrated in the docker images ? |
Why does this differ completely from the earlier deployment security docs ? https://github.com/icon-project/ICON-Projects-Planning/pull/513/files |
That docs refers to the gpg one but the cosign is more robust and built-in support by goreleaser. I'll work on documentation for cosign. |
That is my point. When you create a document for one approach and then implement entirely different approach,both PRs shouldn't co-exist. Delete the one that has become obsolete. |
…tralized-relay into feature/cosign-binaries
…tralized-relay into feature/cosign-binaries
Introduce a public key for cosigning and apply cosign to the binaries for enhanced security.
Also go version is bumped to
1.23