Jussi Kukkonen
Jussi Kukkonen
> On Windows I get a lot of sequences of the errors shown below. I've left the "Unsuccessful lock attempt" as a warning on Windows -- I don't work on...
> > > All(!!!) 3 of the 3 test processes terminated like this: > > > > > > I'm going to need a little more details to reproduce this...
thanks. That is definitely a case where * we have a lock so no other process should have any metadata files open * but we still get permission denied when...
Status: * the "optimization" to avoid writing initial root and the symlink if they are correct already seems useful: I can do that * posix and windows currently operate differently:...
> posix and windows currently operate differently: posix will just wait for the lock for as long as it takes, windows will fail after some time if it does not...
Update: * next pypi-attestations release will use sigstore 4. It will explicitly disable rekor v2 even after Sigstore public good instance fully deploys it: this means upgrading to this pypi-attestations...
I wrote an umbrella tracking issue since there are multiple projects involved: https://github.com/pypi/pypi-attestations/issues/147
the issue is likely flaky CI or Rekor having a bad day, maybe more likely the latter as at this point sigstore-python has already been in contact with fulcio.sigstore.dev... *...
The conformance README has the instructions for setting this up -- in go-tuf case it's likely very easy since there is a client-under-test implementation already in the test suite: I...
For a bit more background: * ClientTrustConfig is basically just TrustedRoot and SigningConfig combined (that is, the trust material client needs to verify and the suggested urls client should use...