Skip to content

Support sigstore / gitsign Commit Verification #34361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rawkode opened this issue May 4, 2025 · 0 comments
Open

Support sigstore / gitsign Commit Verification #34361

rawkode opened this issue May 4, 2025 · 0 comments
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@rawkode
Copy link

rawkode commented May 4, 2025

Feature Description

https://github.com/sigstore/gitsign

Gitsign is a great way to sign commits without keys, backed by OIDC.

This means key revocation isn't needed and there's a public transparency log to verify each signature, via Rekor.

https://github.com/sigstore/gitsign?tab=readme-ov-file#verifying-commits

Screenshots

No response
@rawkode rawkode added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label May 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rawkode