SHIP-0042: Trusted certificates #281
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
pull-request-size
bot
added
the
size/L
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
adambkaplan
left a comment
adambkaplan
left a comment
There was a problem hiding this comment.
Initial comments since this proposal is in the draft state. I'd like to see the scope of this proposal more clearly defined before accepting it in the "provisional" state.
| # ... | ||
| spec: | ||
| # ... | ||
| certificates: |
There was a problem hiding this comment.
I like that we are supporting multiple certificates - this enables more fine grained distribution of trust.
I am concerned that the naming "certificates" is too broad. Are we concerned with certificate authorities for TLS verficiation? X.509 certificates for workload identity? Mutual TLS certificates between services? These are all very different things that utilize similar underlying fundamental technologies.
There was a problem hiding this comment.
I think we are only concerned about X.509 certificates here.
Proposal to add a Shipwright feature to use trusted certificates in Build steps. Signed-off-by: Sayan Biswas <[email protected]>
sayan-biswas
force-pushed
the
certificates
branch
from
aea7ec0 to
aae10db
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
2 participants
Proposal to add a Shipwright feature to use trusted certificates in Build steps.
Changes
Submitter Checklist
See the contributor guide
for details on coding conventions, github and prow interactions, and the code review process.
Release Notes