laurentsimon

> I think this should use Statement and not invent some new format. If the use case works for Statement, for sure. Can you please address the various concerns we...

Thanks @MarkLodato . That is the crux of the problem. > We should update the spec to avoid this confusion, but to be clear, nothing in the spec says how...

Another problem in the previous comments is https://github.com/sigstore/model-transparency/issues/111#issuecomment-2014643774, ie early technical debt / hard to evolve a format if we try to pack information in subjects. This information, given that...

> > Another problem is https://github.com/in-toto/attestation/blob/main/spec/v1/statement.md `Set of software artifacts that the attestation applies to. Each element represents a single software artifact. ` > > In our case, each file...

> > We are working on making a library for signing so people don't need to copy code, just call an API. > > Where is this work happening? Happy...

I'd like if we could have an API that takes as input a file system interface. If we only need to support simple operations like read, write, list dir, do...

https://github.com/google/model-transparency/pull/75 addresses Linux and OSX. Windows remains to be done

Note that the changes made do not yet sign and verify on different runners. However, there are hardcoded hashes in the unit tests, so it effectively validates that the hash...

I'm curious if there's any activity or ETA for this feature. I think this is a fantastic feature and it would reduce noise to the extent of making hash pinning/lockfile...

Just catching up on this PR. What remains to be updated before we get a chance to merge?