Hayden B
Sorry, I didn’t mention context - the PR in Sigstore/Sigstore removed the environment variable. I just wanted to confirm we plan to continue supporting the variable by adding a constructor...
Sounds good, let’s add this as a TODO on this issue to track this.
Bumping the root doesn't need to happen right now, it just saves one or two network calls to fetch an extra root.
cc @asraa
If all that needs to change is the signing algorithm, I don't think there's much to discuss. Once there is a finalized suite and there's good, audited, battle-hardened libraries, and...
I'm not very familiar with these schemes, but from what I understand, there are significant tradeoffs to each, and none are a perfect candidate. (Edit: I know one significant tradeoff...
@dlorenc @bobcallaway Is this done? Do we have limits in place?
I've also found the coverage calculations to be inaccurate at times.
I think we can solve some of the issues we've run into.
* Coverage unexpectedly going down on small PRs - Can we have a range of an accepted diff...