Update registry/remote/internal/configuration/evaluator.go

Signed-off-by: Terry Howe <terrylhowe@gmail.com>

Author: TerryHowe

registry/remote/internal/configuration/evaluator.go

@@ -111,12 +111,7 @@ func (e *Evaluator) evaluateSignedBy(ctx context.Context, req *PRSignedBy, image
 // Note: This is a placeholder implementation. Full signature verification
 // would require integration with sigstore libraries.
 func (e *Evaluator) evaluateSigstoreSigned(ctx context.Context, req *PRSigstoreSigned, image ImageReference) (bool, error) {
-	// TODO: Implement actual sigstore verification
-	// This would involve:
-	// 1. Fetching the image manifest and sigstore signatures
-	// 2. Verifying signatures using sigstore
-	// 3. Optionally verifying Fulcio certificates and Rekor transparency log
-	// 4. Checking identity matching rules
+	// TODO: Implement actual sigstore verification https://github.com/oras-project/oras-go/issues/1029
 	return false, fmt.Errorf("sigstoreSigned verification not yet implemented")
 }