Feature Description
I'm not sure whether it's better to add this to the LoLa Project or to the LoLa Market (https://github.com/RedHatProductSecurity/lola-market), but it'd be nice to have a signing capability for skills and other artifacts, e.g. with Sigstore.
Problem or Use Case
If there is a goal to build a trusted marketplace/repo to ensure skills distribution integrity, I'd suggest adding a signing/verification mechanism.
Category
None
Proposed Solution
No response
Alternatives Considered
No response
Complexity Estimate
Simple (good first issue)
Additional Context
No response
Problem or Use Case
Reducing the possibility of supply-chain attacks, especially if private marketplaces for skills grow within companies.
Category
None
Proposed Solution
No response
Alternatives Considered
No response
Complexity Estimate
None
Additional Context
No response