1. Cross-Implementation Glob Pattern Bug Exposes Verification Gap in in-toto Supply Chain Framework
A semantic inconsistency between two in-toto reference implementations — in-toto-golang and in-toto-python — creates a verification gap that could undermine artifact rule enforcement across hybrid pipelines. Both libraries support glob patterns with character class negations in layout artifact rules, but they deploy in...