Reputable code signing service? For arbitrary payloads

Question

verdverm · Accepted Answer

Have a look at Sigstore and their tool cosign. It's aiming to be the Let's Encrypt of code signing.
I'm not sure if arbitrary binaries are supported fully yet, but it's being worked on.
https://github.com/sigstore/cosign

warrenm · Answer

Who would be willing to take the risk of signing "arbitrary payloads"?!Unless you've got the Sultan of Kinakuta standing by ... this seems like an extraordinarily bad idea

Reputable code signing service? For arbitrary payloads

Reputable code signing service? For arbitrary payloads

Have a look at Sigstore and their tool cosign. It's aiming to be the Let's Encrypt of code signing.I'm not sure if arbitrary binaries are supported fully yet, but it's being worked on.https://github.com/sigstore/cosign

Who would be willing to take the risk of signing "arbitrary payloads"?!Unless you've got the Sultan of Kinakuta standing by ... this seems like an extraordinarily bad idea

Have a look at Sigstore and their tool cosign. It's aiming to be the Let's Encrypt of code signing.
I'm not sure if arbitrary binaries are supported fully yet, but it's being worked on.
https://github.com/sigstore/cosign

Who would be willing to take the risk of signing "arbitrary payloads"?!
Unless you've got the Sultan of Kinakuta standing by ... this seems like an extraordinarily bad idea