New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong cosign
command in “Verify Signed Kubernetes Artifacts” task
#38473
Comments
/retitle Wrong |
cosign
command in “Verify Signed Kubernetes Artifacts” task
It appears that the cosign version v1.9.0 has updated this parameter to --certificate But for compatibility with previous versions, both So the document just uses the newer version of the command. related issue: related PR: |
Today, if you follow the instructions (and so you download |
Perhaps, the version of For more advice. @sftim @saschagrunert |
Yes, maybe that would fix the problem as well. |
I agree having the cosign version mentioned in the docs will help us to prevent such issues in the future. |
/triage accepted |
Can we also mention the note about cosign, something like this: if we are using cosign version v1.9.0+ we should use the |
/assign |
The right command line for
cosign
usage should be:So with
--cert
instead of the actual--certificate
which is an unrecognized option, at least incosign
version 1.6.0.The text was updated successfully, but these errors were encountered: