Hayden B
Hayden B
This has been fixed by the new sigstore-go [TUF client](https://github.com/sigstore/sigstore-go/blob/main/pkg/tuf/client.go) that uses [go-tuf](https://github.com/theupdateframework/go-tuf/blob/master/metadata/updater/updater.go#L125).
Closing as outdated
My two cents are we have good diversity of root keyholders in terms of company/academic affiliations. I'd say having a yearly reminder to ask all root keyholders if they are...
I'll be adding some documentation soon to describe the manual process, then we'll convert that into an automated one. We also need a GHA for pushing the repo to the...
This will be handled by tuf-on-ci now, and signing events can be done off branches.
Agreed, this looks like Fulcio writes directly to Rekor, which is not accurate. @lukehinds @bobcallaway Do you know this image was generated so we can edit it?
This has been fixed
Did we decide on if we wanted developer documentation to live in the docs repo, or live in individual project repos and get synced back?
One particular term is "bundle" - It's become overloaded in both Sigstore and the SSCI space. Going forward, we want "bundle" to refer to https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto - The collection of verification...