Is your feature request related to a problem? Please describe.
With the availability of keyless signing in #4891 - packages may be consumed potentially from many authors which can complicate the viper inputs for the verification flags and the general UX.
I see the potential for a list of "trusted signers" that indicate many potential pre-trusted identity/issuer combinations that the user explicitly trusts.
This is a CLI behavior that can help drive enforcing verification.
Describe the behavior you'd like
- Given many signed packages from different identities
- When package verification is conducted
- Then package verification iterates over available trusted signers by default automatically
Describe alternatives you've considered
Each package must have specific verification inputs
Additional context
Low criticality - this is mainly for expansion of the UX on verification and broader production use-cases.
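A sketch of the matching step the request describes, added here as an example; it is not code from the issue or from the project. The `TrustedSigner` type, `MatchSigner`, and every identity and issuer value are hypothetical, and the identity and issuer passed in are assumed to come from a signing certificate whose signature and chain have already been verified.

```go
package main

import (
	"fmt"
	"regexp"
)

// TrustedSigner is a hypothetical trust-list entry: one identity/issuer pair,
// each a regular expression that must match the whole value.
type TrustedSigner struct{ Name, Identity, Issuer string }

// Constructed sample list; names, identities and issuer URLs are made up.
var sample = []TrustedSigner{
	{"release-bot", regexp.QuoteMeta("release@example.com"), regexp.QuoteMeta("https://accounts.example.com")},
	{"ci", `https://git\.example\.com/acme/[^/]+/workflows/release@refs/tags/v.*`, regexp.QuoteMeta("https://token.example.com")},
}

// fullMatch anchors the pattern, so a trusted "release@example.com" does not
// also accept "release@example.com.evil.test". Empty patterns are rejected.
func fullMatch(pattern, value string) (bool, error) {
	if pattern == "" {
		return false, fmt.Errorf("empty pattern")
	}
	re, err := regexp.Compile(`^(?:` + pattern + `)$`)
	if err != nil {
		return false, err
	}
	return re.MatchString(value), nil
}

// MatchSigner walks the list and returns the first entry whose identity AND
// issuer both match. An empty list, or no match, is an error (fail closed).
func MatchSigner(list []TrustedSigner, identity, issuer string) (string, error) {
	for _, s := range list {
		idOK, err := fullMatch(s.Identity, identity)
		issOK, err2 := fullMatch(s.Issuer, issuer)
		if err != nil || err2 != nil {
			return "", fmt.Errorf("trusted signer %q has an invalid pattern", s.Name)
		}
		if idOK && issOK {
			return s.Name, nil
		}
	}
	return "", fmt.Errorf("identity %q from issuer %q is not a trusted signer", identity, issuer)
}

func main() {
	fmt.Println(MatchSigner(sample, "release@example.com", "https://accounts.example.com"))
}
```

Identity and issuer are checked against the same entry, so an identity trusted under one issuer is not accepted when it is asserted by a different issuer that happens to appear elsewhere in the list.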