28e7218c0b
### Summary Linux codesigning with sigstore and test run output at https://github.com/openai/codex/actions/runs/19994328162?pr=7662. Sigstore is one of the few ways for codesigning for linux platform. Linux is open sourced and therefore binary/dist validation comes with the build itself instead of a central authority like Windows or Mac. Alternative here is to use GPG which again a public key included with the bundle for validation. Advantage with Sigstore is that we do not have to create a private key for signing but rather with[ keyless signing](https://docs.sigstore.dev/cosign/signing/overview/). This should be sufficient for us at this point and if we want to we can support GPG in the future. |
||
|---|---|---|
| .. | ||
| cargo-deny.yml | ||
| ci.yml | ||
| cla.yml | ||
| close-stale-contributor-prs.yml | ||
| codespell.yml | ||
| issue-deduplicator.yml | ||
| issue-labeler.yml | ||
| rust-ci.yml | ||
| rust-release.yml | ||
| sdk.yml | ||
| shell-tool-mcp-ci.yml | ||
| shell-tool-mcp.yml | ||