sigstore.dev and Rekor evolution
If you have been following the Sigstore project over the last year, you know we’ve been rolling out version 2 of Rekor, Sigstore’s transparency log. The intent was to enable signing with Rekor v2 by default, but there’s been a change of plans: the sigstore.dev public good instance will continue using Rekor v1 as the default log for the foreseeable future. Why are we staying with Rekor v1? While Rekor v2 provides greater infrastructure resiliency, it introduces breaking changes in client behavior.
