Aditya Sirish

Definitely use `securesystemslib`.

Note: we also have the option of including common inspections in our [verification container image](https://github.com/in-toto/Dockerfiles#verifier-1). I believe there has been some other discussion about this as well?

I think it's time to revive this PR again. We'd last left off looking at ITE-2 as a means to distribute the metadata.

https://github.com/theupdateframework/python-tuf/pull/2000 is implementing that courtesy of @lukpueh.

https://github.com/in-toto/in-toto/issues?q=is%3Aopen+is%3Aissue+label%3A%22Up+for+grabs%22 Check out the "Up for grabs" label. :)

Note: we want to be able to plug the same `Link` object into both signature wrappers (and sign them with the same keys) to meet the requirements of the transition...

Hey @Uttam-Singhh! Let me try and track down some work. I know @SolidifiedRay was working on this and had some failures on Windows. Am I misremembering, Yuanrui? :)

Do you have a branch you could drop here to get @Uttam-Singhh started? :)

Yes please, feel free to take a stab at it, while also taking a look at @SolidifiedRay's branch linked above. Thanks!

This became an issue on https://github.com/cnabio/signy/pull/80/. The PR was initially using a root layout I wrote (by hand) and signed using a demo key, and I missed defining `"private": ""`...