Hayden B
We should also switch out a key custodian; there were talks of doing this last time.
Yes, Lance Ball from Red Hat, to replace either Joshua or anyone else who wants to switch out. Let's do that switch this cycle, and we should plan to swap out...
This sounds good. To clarify, clients should fall back to the deprecated mapping (e.g. P384/SHA256) if signature verification fails with a "new" mapping (e.g. P384/SHA384)? As an alternative approach to falling...
Ack on not including the algorithm in the verification materials, I had forgotten about that discussion. We could say that `--allow-deprecated` is a MAY for clients to implement, but I'd...
Summarizing offline discussions: I do think we should create a new bundle revision soon, but we have a few more changes we'll need to include. Given that a lot of...
Looking over the sigstore-go implementation of the fallback, I'm now wondering if clients are going to have a harder time managing that than with validation of an algorithm in a...
I’m unaware of anyone using it as well. SGTM
@jku fyi related to what we were chatting about, we can remove this as part of the next rotation
+1, this would be a great addition.
Yes, we should remove these, but I would prefer to hold off until we cut a major release of Fulcio to fully remove these as I don't want to break...