Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explain Signing of Release assets in OCM Readme #310

Open
morri-son opened this issue Oct 29, 2024 · 1 comment
Open

Explain Signing of Release assets in OCM Readme #310

morri-son opened this issue Oct 29, 2024 · 1 comment
Labels
area/documentation Documentation related area/ipcei Important Project of Common European Interest component/ocm-core Open Component Model Core aka. go API kind/feature new feature, enhancement, improvement, extension kind/good-first-issue Good for newcomers
Milestone
2024-Q4

Comments

@morri-son
Copy link
Contributor

What would you like to be added:
The information about the release process should contain an information on how the GoReleaser signs our assets with Cosign (config done here and how these signatures can be verified after download.

In addition to that, we should explain for what we use the central GPG key , which is currently only for Debian packages.

Why is this needed:
Explanation about signing assets using Cosign is completely missing and the section https://github.com/open-component-model/ocm?tab=readme-ov-file#gpg-public-key its assume that the GPG key is used for much more than just publishing Debian packages on a public repository.
@morri-son morri-son added area/documentation Documentation related area/ipcei Important Project of Common European Interest kind/feature new feature, enhancement, improvement, extension labels Oct 29, 2024
@morri-son morri-son added the component/ocm-core Open Component Model Core aka. go API label Oct 29, 2024
@morri-son morri-son added this to the 2024-Q4 milestone Oct 29, 2024
@jakobmoellerdev jakobmoellerdev self-assigned this Nov 28, 2024
@jakobmoellerdev jakobmoellerdev moved this from 🆕 ToDo to 📋 Next-UP in OCM Backlog Board Nov 28, 2024
@jakobmoellerdev jakobmoellerdev removed their assignment Nov 28, 2024
@jakobmoellerdev
Copy link
Contributor

Consult with team in case of questions, anyone should be able to take this

@jakobmoellerdev jakobmoellerdev added the kind/good-first-issue Good for newcomers label Nov 28, 2024
@frewilhelm frewilhelm moved this from 📋 Next-UP to 🆕 ToDo in OCM Backlog Board Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/documentation Documentation related area/ipcei Important Project of Common European Interest component/ocm-core Open Component Model Core aka. go API kind/feature new feature, enhancement, improvement, extension kind/good-first-issue Good for newcomers
Projects
OCM Backlog Board
Status: 🆕 ToDo
Milestone
2024-Q4
Development

No branches or pull requests
2 participants
@jakobmoellerdev @morri-son