Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSF Best Practices: Provide signatures for Zowe.org downloads #1763

Closed
Tracked by #1352 ...
adam-wolfe opened this issue Jul 25, 2023 · 3 comments
Closed
Tracked by #1352 ...

OpenSSF Best Practices: Provide signatures for Zowe.org downloads #1763

adam-wolfe opened this issue Jul 25, 2023 · 3 comments
Labels
community-issue keep Issues with this label will be ignored by the stale bot priority-low Legit issue but cosmetic or nice-to-have

Comments

@adam-wolfe
Copy link
Contributor

adam-wolfe commented Jul 25, 2023

Is your feature or enhancement request related to a problem or limitation? Please describe

The OpenSSF Best Practices Silver Badge requires that we publish cryptographic signatures for releases intended for widespread use along with instructions for verifying the signatures. Some of this infrastructure already exists in the Zowe jfrog repository, however signatures and signature instructions are only visible for the Zowe PAX file download.

Describe your enhancement idea

Zowe.org, managed by the Onboarding Squad, should be changed to show signature downloads and verification instructions for Zowe CLI similar to what is shown for the PAX file download. The CLI Squad should ensure that this change is implemented with reasonable urgency.

@adam-wolfe adam-wolfe added enhancement New feature or request new The issue wasn't triaged yet labels Jul 25, 2023
@github-actions
Copy link

Thank you for raising this enhancement request.
The community has 90 days to vote on it.
If the enhancement receives at least 5 upvotes, it is added to our development backlog.
If it receives fewer votes, the issue is closed.

@adam-wolfe adam-wolfe mentioned this issue Jul 25, 2023
19 tasks
@adam-wolfe adam-wolfe added community-issue keep Issues with this label will be ignored by the stale bot and removed enhancement New feature or request labels Jul 25, 2023
@t1m0thyj
Copy link
Member

Some of this infrastructure already exists in the Zowe jfrog repository

Here's an example of signatures we could link to that already exist (.asc and .sha512 files): https://zowe.jfrog.io/artifactory/libs-release-local/org/zowe/2.9.0/

@zFernand0
Copy link
Member

zFernand0 commented Jul 26, 2023

@zFernand0 zFernand0 added priority-low Legit issue but cosmetic or nice-to-have and removed new The issue wasn't triaged yet labels Aug 9, 2023
@adam-wolfe adam-wolfe mentioned this issue Sep 21, 2023
20 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community-issue keep Issues with this label will be ignored by the stale bot priority-low Legit issue but cosmetic or nice-to-have
Projects
None yet
Development

No branches or pull requests

3 participants