Changelog: mention rekor v2 support

jku · jku · commit 890307cf2265 · 2025-06-10T11:01:34.000+03:00
Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,10 +16,10 @@ All versions prior to 0.9.0 are untracked.
 
 * Added support for ed25519 keys.
   [#1377](https://github.com/sigstore/sigstore-python/pull/1377)
+
 * API: `IdentityToken` now supports `client_id` for audience claim validation.
   [#1402](https://github.com/sigstore/sigstore-python/pull/1402)
 
-
 * Added a `RekorV2Client` for posting new entries to a Rekor V2 instance.
   [#1400](https://github.com/sigstore/sigstore-python/pull/1422)
 
@@ -60,15 +60,21 @@ All versions prior to 0.9.0 are untracked.
 
 ### Changed
 
+* Rekor V2 is now supported for both verification and signing: The used instances are selected
+  with configuration from TUF or `--trust-config` as before
+  [#1432](https://github.com/sigstore/sigstore-python/pull/1432)
+
 * API:
   * ClientTrustConfig now provides methods `production()`, `staging()`and `from_tuf()`
     to get access to current client configuration (trusted keys & certificates,
     URLs and their validity periods). [#1363](https://github.com/sigstore/sigstore-python/pull/1363)
   * SigningConfig now has methods that return actual clients (like `RekorClient`) instead of
     just URLs. The returned clients are also filtered according to SigningConfig contents.
     [#1407](https://github.com/sigstore/sigstore-python/pull/1407)
+
 * `--trust-config` now requires a file with SigningConfig v0.2, and is able to fully
   configure the used Sigstore instance [#1358]/(https://github.com/sigstore/sigstore-python/pull/1358)
+
 * By default (when `--trust-config` is not used) the whole trust configuration now
   comes from the TUF repository [#1363](https://github.com/sigstore/sigstore-python/pull/1363)
 
