You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While loading trusted_root.json and parsing it, I am trying to verify the certChain for Fulcio and the TSA.
According to both the repository and TUF, it looks like the bottom certificate in the trust chain has expired on "April 13, 2024".
Does it matter? In the end, to verify Sigstore artifacts is it even worth to verify the trust chain rather than just loading the bottom public key of each chain if it came from TUF for verification?
The text was updated successfully, but these errors were encountered:
While loading
trusted_root.json
and parsing it, I am trying to verify thecertChain
for Fulcio and the TSA.According to both the repository and TUF, it looks like the bottom certificate in the trust chain has expired on "April 13, 2024".
Does it matter? In the end, to verify Sigstore artifacts is it even worth to verify the trust chain rather than just loading the bottom public key of each chain if it came from TUF for verification?
The text was updated successfully, but these errors were encountered: