Jussi Kukkonen
@tnytown found some compatibility issues with root-signing-staging during https://github.com/sigstore/sigstore-rs/pull/354: 1. keyids were accidentally non-compliant: this concerns root-signing-staging only and will be fixed there, hopefully next week (sigstore-rs needs to initialize...
In preparation for #929, we should do all preparing steps that are not limited by the online signing schedule and that will not affect the current day-to-day operation of this...
As part of #1247 I'd like to define a GH secret. * Secret TUF_ON_CI_TOKEN: this should be a sigstore-bot token with the following permissions for sigstore/root-signing: * `Actions: write` to dispatch...
This is something that came up during staging testing: sigstore-rs is not compatible with root-signing-staging, and will not be compatible with root-signing if we proceed with #929 without changes. *...
Now that the default is to upload release artifacts, I wonder if we should add `contents: write` to the main usage example in README (or at least mention this when...
* Pin action with release hash * Enable the workflow for PRs (now that it's pinned) * update the client script from tuf-conformance
Splitting this from #1356 * [ ] Review / rewrite keyholder playbooks #1361 * [ ] Review / rewrite `playbooks/ORCHESTRATION.md` and `playbooks/snapshot-timestamp-sync.md` * [ ] make sure the issues that...
We could add anything in the npmjs delegation and the current tests will be fine
Assuming the migration in #1323 goes as planned, the timestamp expiry period in root v10 is 7 days and the signing period is 4 days, meaning we sign a new...
Current situation: * root signing period is 31 days: so the signing event PR opens 31 days before expiry * tests file an issue if root is not valid 30...