Skip to content

v0.7.99

Choose a tag to compare

@github-actions github-actions released this 26 Jun 09:51

Verified release

Built from the private buddyholly007/syntaur source at
v0.7.99 by this repo's public
release-sign.yml
workflow. The exact immutable source commit is recorded in the
signed syntaur-source-commit.txt; a dependency SBOM is in the
signed syntaur-sbom.spdx.json. Every artifact is signed with
Sigstore cosign (keyless OIDC) and accompanied by a
.cosign.bundle. Verify before running:

# SHA-256 verification (fast)
sha256sum -c checksums.txt

# Cosign signature verification (authoritative)
cosign verify-blob \
  --bundle syntaur-gateway-linux-x86_64.cosign.bundle \
  --certificate-identity "https://github.com/syntaur-systems/syntaur-dist/.github/workflows/release-sign.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  syntaur-gateway-linux-x86_64

See SECURITY.md for the verification + disclosure policy.