Currently verifying a signature bundle that contains a rekorv2 entry using sigstore-python 3.6.5 fails with VerificationError: not enough sources of verified time This is not incorrect but it's also not very useful: we should inform the user that client upgrade is required. I'll have a look, maybe there is an easy improvement here.
Currently verifying a signature bundle that contains a rekorv2 entry using sigstore-python 3.6.5 fails with
This is not incorrect but it's also not very useful: we should inform the user that client upgrade is required.
I'll have a look, maybe there is an easy improvement here.