shipfeedAI news, curated daily

07:26:15 CET
4 JUL07:26:15shipfeed
pull to refreshlast sync
Just in — 30 new
§ tools · storyline

Adds cache control injection support and Docker image signature

LiteLLM adds cache control injection support and signs Docker images with cosign for verification.

yesterday · · primary fetch1 sourceupdated yesterday ·

Verify Docker Image Signature All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit `0112e53`. Verify using the pinned commit hash (recommended): A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.92.0-dev.2 ``` Verify using the release tag (convenience): Tags are protected in this repository and resolve to the same key.

This option is easier to read but relies on tag protection rules: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.92.0-dev.2/cosign.pub \ ghcr.io/berriai/litellm:v1.92.0-dev.2 ``` Expected output: ``` The following checks were performed on each of these signatures: The cosign claims were validated The signatures were verified against the specified public key ``` --- What's Changed ci(codspeed): pin benchmark runner to ubuntu-24.04 by @yuneng-berri in https://github.com/BerriAI/litellm/pull/31746 test(pass-through): de-flake vertex spend-log…

read full article on github.com
§ sources2 publications · timeline below
  1. github.comLiteLLM v1.92.0-dev.2primary
  2. github.comLiteLLM v1.90.3

§ how this story moved

  1. primaryLiteLLM — Releases publishes the launch post.
  2. LiteLLM — Releases picks up coverage.