[Question] Status of GitHub integration? #716
Description
The readme mentions that you
hope to work with GitHub to get these types of signatures recognized as verified in the future!
Is there any progress on this and if so is there any information you can give? I like the idea of S/MIME signing too but I want to use it somewhat differently than either what GitHub supports or the default of what this project does, and Iʼm curious how much of this projectʼs work would be usable by people not using this project.
In particular, the issue of certificate expiry seems relevant to most people using S/MIME signing; the Fulcio certificates you use might last only 10 minutes but others can last only one year, which still isnʼt much time; if I use a standard one-year certificate but integrate with Rekor, will your work still let GitHub do verifications after the certificate expired?
(If this question makes no sense itʼs probably because I only found your project today and might not understand the moving parts as well as I think I do)