Hayden B
Hayden B
Given we're about to sign a 9th version, I'd just wait for that.
@lkatalin want to update this to the 9th?
Thanks @euanhume! Have you been able to use this locally and confirm that it's working as expected?
Could you rebuild Cosign locally with this change incorporated? I don't have any suggestions on how to set up AWS to test this out though. The only thing I'm not...
The failure might be due to a aws mock that needs to be updated since there are different calls being made, though i haven't looked closely.
This would be great. @bobcallaway and I had actually discussed this previously when trying to figure out which clients were accessing the remote TUF repo. Specifying both the version of...
+1 to updating this! Originally the thought was that we'd want to use the V1 root, because users could audit that root and check it matches what was publicly signed....
We should also provide a script to verify a root against V1, handling the incompatibilities. It’ll either need to check out an old version of go-TUF or configure using the...
Copying in an edited response from Asra from an offline discussion: "This was 'working as intended' due to feedback that people didn't want to constantly update their TUF roots. Now...
@asraa this was fixed correct?