Mihai Maruseac
Mihai Maruseac
This got to be too long, so let's summarize here the remaining points. #### Location of `IntotoSignature`, `IntotoSigner` and `IntotoVerifier` classes - https://github.com/sigstore/model-transparency/pull/240#discussion_r1705755881: we want to use `sigstore-python`'s Bundle class...
> @mihaimaruseac I hope this solves your import issues. Sure, but since you created the file, you could have created it in the `signature/` directory as said in the PR...
We want to have good quality of code in here. I'm not moving the goalposts and the tests are definitely not flaky. But if you show me two runs on...
> > We want to have good quality of code in here. I'm not moving the goalposts and the tests are definitely not flaky. But if you show me two...
I think it is because I didn't mock it properly, testing in https://github.com/sigstore/model-transparency/pull/297
> I think it is because I didn't mock it properly, testing in #297 That seemed to be the reason, after more mocking 5 consecutive CI runs passed without problems....
Oh, one of your commits fails DCO.
Should this be handled by the signing infra instead of the library?
All that's left is to remove the tree from https://github.com/sigstore/model-transparency/blob/19a1d45771dc61cfedb55ee879fd529880712720/model_signing/serialization/serialize_by_file.py#L183
I'm debating between sharing the scripts as I used them for previous benchmarks or adapting them to the new API (under work) and having them then act as CI checks