Release notes for v0.26.0 do not document breaking change in supported signing key algorithms

[aThorp96]

Based on this PR, when Cosign was upgraded from v2.5.3 to v2.6.0 (PR #1441) it introduced a breaking change in the algorithms supported for identity tokens. That PR specifies in the release notes that there was a breaking change and documents the action required:

Action required:

Update your identity token generation to use RS256 algorithm. If using custom token generation scripts, ensure they sign with RSA keys

Neither the cosign upgrade nor the breaking change it's required-action is mentioned in the v0.26.0 release notes

[aThorp96]

CC @lcarva @anithapriyanatarajan

[anithapriyanatarajan]

@aThorp96 Thankyou very much for raising this. The release automation we have right now relies on the release notes added to the specific PR in Release notes section. In the mentioned case, the release notes from sigstore was added to the PR description which the release automation pipeline will not lookup. We will get this fixed and update here. cc: @jkhelil

[anithapriyanatarajan]

Release notes updated - https://github.com/tektoncd/chains/releases/tag/v0.26.0 please review @aThorp96 @jkhelil. we could close this issue if the notes are clear.

[aThorp96]

Thanks!