Jussi Kukkonen
Jussi Kukkonen
I'm expecting urllib3 to retry 3 times on common http failures when using urllib3fetcher There's an interesting failure in [sigstore-probers](https://github.com/sigstore/sigstore-probers/actions/runs/15604452814/job/43950565778) where this does not seem to happen: ``` Traceback (most...
Users may run multiple updaters at the same time -- it's not useful but it can happen with longer dependency chains like https://github.com/sigstore/sigstore-python/issues/1403: model-signing uses sigstore-python which uses python-tuf... Currently...
Keeping the embedded TUF root updated (like in #1988) is not required but it's useful as clients then download less on the first run. The update itself is a little...
#228 Adds `rekor-version` argument with default value 1. Once the production signingconfig does contain rekorv2 we should make a major release and switch our default to 2 as well.
Filing as heads up: The [sigstore-python](https://github.com/sigstore/sigstore-python/) 4.0 upgrade is a bit more complicated since there are related service changes. I'll add more details here in next day or two but...
Add advisory file locking to make it safer to run multiple updaters (using the same metadata directory) in separate processes. This should help with #2836 * Metadata access is protected...
* sigstore public good instance already runs a rekor v2 service * in the near future this will be recommended to be used when signing * at some significantly later...
Noticed that `internal/fulcio/fulcioroots` uses TUF... but does not use it to download `trusted_root.json` that contains the current trust material but instead seems to download the deprecated individual keys/cert files. This...
Sigstore signing depends on many moving parts and sometimes one of them fails: this is acceptable. Currently projects that embed cosign can look a little bad though when this happens...
I seem to regularly get confused about this so maybe others are too: The documentation (at least https://github.com/sigstore/fulcio/blob/main/docs/how-certificate-issuing-works.md) states that the signing certificate is constructed by... > Setting the certificate's...