Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent warning for ignoring tlog verification #2839

Closed
lcarva opened this issue Mar 24, 2023 · 0 comments · Fixed by #2840
Closed

Inconsistent warning for ignoring tlog verification #2839

lcarva opened this issue Mar 24, 2023 · 0 comments · Fixed by #2840
Labels
bug Something isn't working

Comments

@lcarva
Copy link
Contributor

lcarva commented Mar 24, 2023

Description

When the flag --insecure-ignore-tlog is used in the verify* commands, cosign verify emits a warning about this being an insecure practice. verify-attesatation, verify-blob, and verify-blob-attestation do not.

Version

v2.0.0
@lcarva lcarva added the bug Something isn't working label Mar 24, 2023
lcarva added a commit to lcarva/cosign that referenced this issue Mar 24, 2023
@lcarva
feat: consistent tlog warnings during verification
d06a40b 
fixes: sigstore#2839

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
lcarva added a commit to lcarva/cosign that referenced this issue Mar 24, 2023
@lcarva
feat: consistent tlog warnings during verification
52d6aa1 
Closes sigstore#2839

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
@lcarva lcarva mentioned this issue Mar 24, 2023
Merged
znewman01 pushed a commit that referenced this issue Mar 25, 2023
@lcarva
feat: consistent tlog warnings during verification (#2840)
8a304d5 
Closes #2839

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
dmitris pushed a commit to dmitris/cosign that referenced this issue Mar 27, 2023
@lcarva @dmitris
feat: consistent tlog warnings during verification (sigstore#2840)
5181c78 
Closes sigstore#2839

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: consistent tlog warnings during verification lcarva/cosign
1 participant
@lcarva