Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support Attestation Provenance as signature download #198

Open
3 tasks done
validcube opened this issue Nov 30, 2024 · 1 comment
Open
3 tasks done

feat: Support Attestation Provenance as signature download #198

validcube opened this issue Nov 30, 2024 · 1 comment
Labels
Feature request Requesting a new feature that's not implemented yet

Comments

@validcube
Copy link
Member

Feature description

In addition to listing .asc file, the API should also list the provenance for supported repository.

Motivation

Provide an alternative way to verify without using .asc, subjective but the security is as secure if not better than .asc so this can benefit our user as well.

Acknowledgements

  • I have checked all open and closed feature requests and this is not a duplicate
  • I have chosen an appropriate title.
  • All requested information has been provided properly.
@validcube validcube added the Feature request Requesting a new feature that's not implemented yet label Nov 30, 2024
@oSumAtrIX
Copy link
Member

Provenance makes sense if the frontend should be aware of what the API serves has a source code. What if we implement a backend that consumes closed source files from an FTP server?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature request Requesting a new feature that's not implemented yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oSumAtrIX @validcube