Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add -cert-email flag to specify an email for a fulcio cert to be valid #622

Merged
merged 1 commit into from
Sep 9, 2021

Conversation

dekkagaijin
Copy link
Member

@dekkagaijin dekkagaijin commented Sep 4, 2021

Fixes #556
(at least partially)

In the long term we'll want to implement the ability to explicitly state expected cert subject(s), but the UX design for that was sticky enough that I wanted to make that change independently.

@dlorenc
Copy link
Member

dlorenc commented Sep 4, 2021

Nice!!! Wdyt about cert-subject instead, to handle the SPIFFE ones?

@dekkagaijin
Copy link
Member Author

Wdyt about cert-subject instead, to handle the SPIFFE ones?

I wanted to add that later to make the distinction between the "email" and the "subject" of the cert. We'll also have to give some thought as to the UX for that

@dlorenc dlorenc merged commit 248f849 into sigstore:main Sep 9, 2021
@dekkagaijin dekkagaijin deleted the subject branch September 9, 2021 20:30
@cpanato cpanato added this to the v1.2.0 milestone Sep 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow pinning trust for verifying keyless signatures
3 participants