Skip to content

v0.27.0
Compare
Choose a tag to compare
@lukpueh lukpueh released this 14 Mar 15:06
· 655 commits to main since this release
v0.27.0
This tag was signed with the committer’s verified signature. The key has expired.
lukpueh Lukas Pühringer
GPG key ID: 89A2AD3C07D962E8
Expired
Learn about vigilant mode.
a22cbba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Added

  • EXPERIMENTAL DSSE implementation (#487)
  • EXPERIMENTAL sigstore signer and verifier (#522)
  • Minimal TUF/in-toto spec-compliant GPG verifier (#488)
  • API-typical 'import' and 'from URI' GPG signer methods (#488)

Changed

  • Require public key in GPG signer and disallow subkey signatures (#488)
  • Increase GPG subprocess timeout (#502)
  • Rename default branch to 'main' (#523)
  • Make HSM signer URI configurable (#526)
  • Allow tox to skip virtual HSM tests (#528)
  • Strip PEM keys to compute keyids consistently (#453)

Removed

  • Internal GPG version utils (#504)
  • Custom subprocess interface (#505)
  • Vendored ssl module (#506)

Fixed

  • Windows compatibility issues and re-enable Windows CI (#518)
  • GPG subprocess timeout configurability (#502)
Assets 6
Loading