Jussi Kukkonen
Other clients have been producing 0.3 bundles for a while now: It would be good to support them in sigstore-rs as currently sigstore-rs cannot verify bundles produced by sigstore-python. proto:...
It would be good to demonstrate how to use ambient identities with sigstore-rs. * I've created https://crates.io/crates/ci-id. It's a tiny project that essentially copies the setup sigstore-python has with `id`...
We run some tests on schedule even now but when those tests fail, nothing happens. We could do this: * Make current test workflows callable * Add new scheduled-tests workflow...
#1496 moves more `ClientTrustConfig` and related classes (SigningConfig, TrustedRoot) to `models`. To accommodate that, lazy imports were added for RekorClient and Rekor2Client. It would be nice to clean this up....
quote ci.yml (_"test (timestamp-authority)"_ task): > # TODO: Refactor this or remove it entirely once there's > # a suitable staging TSA instance. let's have a look at the actual...
From #1468 > > One thing I was thinking about is whether the increased latency with Rekor v2 means that it might make sense to show a progress bar while...
sigstore-python chooses to use a specific signing algorithm for signing with the signing certificate: this seems like a fine decision. Even for verifying the signing certificate signature, sigstore clients are...
SigningConfig can contain multiple rekor instances (from different operators): I understand the intent is that clients can create entries in each one. Currently we only contact one log but could...
Currently if we encounter unexpected kindversions in the rekor log entry we fail when we parse the canonical body -- this looks ugly and hard to understand (see #1384)....
Follow up from https://github.com/sigstore/sigstore-python/pull/1363: * the signing config from the sigstore instance may now provide a "ServiceSelector" value that instructs the client to use multiple services * we currently only...