Package cosign: Information

    Source package: cosign
    Version: 3.0.6-alt1
    Latest version according to Repology
    Build time:  Apr 8, 2026, 01:05 PM in the task #414543
    Category: Development/Tools
    Report package bug
    Gear: https://git.altlinux.org/gears/c/cosign.git?a=tree;hb=1d4e3d1ff7…
    Home page: https://github.com/sigstore/cosign
    License: Apache-2.0
    Summary: Container Signing, Verification and Storage in an OCI registry
    Description: 
    Cosign aims to make signatures invisible infrastructure.

Cosign supports:

* "Keyless signing" with the Sigstore public good Fulcio certificate authority and Rekor transparency log (default)
* Hardware and KMS signing
* Signing with a cosign generated encrypted private/public keypair
* Container Signing, Verification and Storage in an OCI registry.
* Bring-your-own PKI
    List of RPM packages built from this SRPM:
    cosign (x86_64, i586, aarch64)
    cosign-debuginfo (x86_64, i586, aarch64)
    Maintainer: Alexander Danilov
    List of contributors:
    Alexander Danilov
    Ivan Pepelyaev
    Alexey Shabalin
    ACL:
    Ivan Pepelyaev
    Alexander Danilov
    @everybody
      1. /proc
      2. libpcsclite-devel
      3. golang >= 1.24.3
      4. rpm-build-golang
      5. rpm-macros-golang

    Last changed

    April 8, 2026 Alexander Danilov 3.0.6-alt1
    - New version 3.0.6 (Fixes: CVE-2026-39395).
    Feb. 25, 2026 Ivan Pepelyaev 3.0.5-alt1
    - New version 3.0.5 (Fixes: CVE-2026-24122).
    Jan. 30, 2026 Ivan Pepelyaev 3.0.4-alt1
    - New version 3.0.4 (Fixes: CVE-2026-22703).
- Enable tests with no Internet access only.
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top