Jussi Kukkonen
Jussi Kukkonen
> FWIW, I also have an initial stab at this up at #715: it keeps the old extension handling in place while adding new APIs for the new extensions. My...
After reading up on the situation in cryptography: * it looks like this should not block a sigstore-python release as solving this will likely take some time? * is this...
> Getting the following error on staging when `tough` tries to fetch a root (`5.root.json`): > > `Invalid key ID 5416a7a35ef827abc651e200ac11f3d23e9db74ef890b1fedb69fb2a152ebac5: calculated c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4` This is https://github.com/theupdateframework/tuf-on-ci/issues/292 and arguably https://github.com/theupdateframework/specification/issues/305 Very...
I'm not sure what you mean by "updating the spec" but I think we agree on the backwards compat issues. If the issue is fixed (and "sig" is used consistently...
tests fail because of the macos upgrade (#2618), passes locally
rebase on main
I suppose this is now ready for review :shrug:
> I'm curious why updating targets / targets metadata and then snapshot doesn't work? Everything after timestamp does work in both the upload order and pretty much all of the...
> how do we deal with e.g. verify failure because the signature uses a key/cert that we don't know about because we're using three days old certs and new ones...
> this is what's necessary to not break clients. Note that with TUF spec-compliant clients it explicitly is not necessary-- in TUF timestamp expiration does not define the time that...