Aditya Sirish

Could you explain the distinction between the execution times in `operational` and `timestamp`? Also, I think this information would also go into the predicate itself to conform to the attestation...

@scovetta can you link me to where you're generating the attestation in the scanner?

Thanks! On a side note, would you be interested in some of these bits (especially base.py) being upstreamed to https://github.com/in-toto/in-toto? In our Go implementation, we define the models for in-toto...

I think it'd be nice to have stickers for sandbox projects that have a logo, with other swag for incubating and above. Disclaimer: I maintain a sandbox project at the...

Hey @neilnaveen, are you still working on this?

The reason this return non zero ever is because you can verify multiple commit signatures. It's possible we should have set the ret to non zero if even one of...

Closing this as we've dropped these cmds.

I view `gittuf rsl record` etc as lower level commands, possibly one that the user won't interact with. With that model, IMO we should keep such low level commands simple...

I view `gittuf rsl record` etc as lower level commands, possibly one that the user won't interact with. With that model, IMO we should keep such low level commands simple...

>Should this be always automated without user interaction, or are there cases where someone may want to not skip these entries? (i.e. by way of a prompt like "Entry pointing...