Jussi Kukkonen

icon indicating an email [email protected]

icon company @Google icon location Helsinki icon location @google open source security team, maintainer of tuf-on-ci and python-tuf for @theupdateframework; maintainer of sigstore-python and root-signing for @sigstore

Results 453 comments of Jussi Kukkonen

build(deps): bump the test-and-lint-dependencies group with 3 updates

@dependabot rebase

build(deps): bump the test-and-lint-dependencies group with 3 updates

rebased on main

Custom user agent string

see also https://github.com/sigstore/sigstore-go/issues/143 https://github.com/theupdateframework/python-tuf/issues/2611

Add TAP for client initialization and metadata backstop

This is very interesting, thanks for taking a stab at it. I'll leave some comments based on a first read -- My POV here is thinking about similar issues with...

Discussion of TAP 12: Improving keyid flexibility

Thanks lukas, that makes sense: the requirement is in there to not prevent an attack but a mistake in the repository side: > If all goes correctly, using the key...

Discussion of TAP 15: Succinct hash bin delegations

I'll add some more: * is there a real use case for multiple succinct delegations in one delegating metadata? * is there a real use case for a succinct delegation...

Discussion of Fulcio TAP (TAP 18)

For reference https://github.com/secure-systems-lab/dsse/pull/61 is adityas signature extension proposal for DSSE

Discussion of Fulcio TAP (TAP 18)

TAP18 and the experimental implementation in securesystemslib should definitely be updated if there's a direct way to be consistent with planned DSSE formats. > The issue with using the sigstore...

[targets v11] Add client signing configuration

I am not opposed to another artifact in the repo but I'll mention these downsides so it's clear to everyone: * sigstore "client api" now includes the new proto. If...

[targets v11] Add client signing configuration

This should happen in root-signing-staging first