Skip to content

Commit

Permalink
Revoke v0.7.0 (#318)
Browse files Browse the repository at this point in the history 
We need to verify the content checksum for the signature to be
considered valid. Since we just cut the release, revoking.

Signed-off-by: Billy Lynch <billy@chainguard.dev>
  • Loading branch information
@wlynch
wlynch committed May 22, 2023
1 parent 8955100 commit 8a76ba2
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,8 @@ Gitsign stores data in 2 places:

- If `rekorMode = offline`

Note: offline verification is new, and should be considered experimental for now.

By default, data is written to the
[public Rekor instance](https://docs.sigstore.dev/rekor/public-instance). In
particular, users and organizations may be sensitive to the data contained
Expand Down
2 changes: 2 additions & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,3 +226,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

retract v0.7.0

0 comments on commit 8a76ba2

Please sign in to comment.