v0.7.98
Verified release
Built from the private buddyholly007/syntaur source at
v0.7.98 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:
# SHA-256 verification (fast)
sha256sum -c checksums.txt
# Cosign signature verification (authoritative)
cosign verify-blob \
--bundle syntaur-gateway-linux-x86_64.cosign.bundle \
--certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
syntaur-gateway-linux-x86_64See SECURITY.md for the verification + disclosure policy.