Description
From this discussion: https://sigstore.slack.com/archives/C01PZKDL4DP/p1643231244166000
At the moment, `cosign verify` returns something like this:
The `optional` fields there aren't actually part of the payload; they're added in by `cosign verify` here.
The 'optional' information there is very useful but I think it's deceiving because (as was evidenced in the Slack conversation) it created confusion when trying to check the contents of the payload in another context.
I was thinking some representation of this interface might be clearer because it would correspond to the functions available when dealing with signatures in your code.
It would also provide a decent amount of information that could be piped into policy engines or used in other contexts:
Something like this:
@dlorenc @developer-guy @JimBugwadia