Fredrik Skogman
@ethan-lowman-dd would you mind taking another look? Addressed your concerns and added filesystem permission check for the metadata files/directories on UNIX-like systems (see discussion above on why Windows is exempted).
@trishankatdatadog Of course! Created this: https://github.com/theupdateframework/go-tuf/issues/360
Good feedback @ethan-lowman-dd, all your comments should be addressed now 👍
Was off on PTO, so didn't see your message @trishankatdatadog until now. PR is updated now.
> Thanks! Would you pls fix the linting errors?

Sorry, was not aware of them, fixed now.
Is there any progress to this? I'm happy to help if needed.
> I would really like to try to do the "do something 3 times before generalizing" workflow here.

Agree! From the top of my head, the proposed entries are a...
> What we really want is to include this info in provenance metadata and use fulcio to sign that. T > Interesting. So you mean it is signed by Fulcio...
This initiative is great, and as I'm working on a similar concept but for attestations, where the actual payload is captured in the signature file, I was inspired by this...
What would be the next step? I read through the linked google doc again, the Filespec table is what needs to be updated. The sections on cli signing and verification...