Marina Moore

Results 137 comments of Marina Moore

Please open a [presentation issue](https://github.com/cncf/tag-security/issues/new/choose) with TAG security so that we can provide the TAG review. It may be useful to perform a [self assessment](https://github.com/cncf/tag-security/blob/main/community/assessments/guide/self-assessment.md) before the presentation.

This TAP may be superseded by the [signing spec](https://github.com/secure-systems-lab/signing-spec) project once there is a TAP for that. Though this backwards-compatible solution may still be a good intermediate step that can...

After talking with @JustinCappos and @awwad , we found that there are two categories of use cases that TAP 8 is trying to address. The first (role rotation) involves a...

Sure, here are some example scenarios for role vs key rotation. For role rotation, say there's a developer role that has 3 developers who each have a key (A, B,...

A couple more thoughts: root file rotation: An option would be to include the `spec-version` in the root rotate filename, but I'm not sure that is needed. I think...

@hannesm @JustinCappos Any thoughts about the role vs key rotation mentioned [above](https://github.com/theupdateframework/taps/issues/37#issuecomment-420734094)? I was planning to go ahead with role rotation unless there's a reason to do the key rotation...

Root rotation: I agree that we should leave the root rotation as is. There doesn't seem to be a good way to ensure rotate files are found for root, and...

@JustinCappos Here’s some additional explanation of the pros and cons of pooling rotate files across repositories: A rotate file is named using the role name, keys, and threshold. In a...

@JustinCappos I think it would be possible to prevent all collisions by adding fields to the filename, but I'm not sure how many use cases there would be for the...

I made some proposed changes to the spec based on this discussion. Specifically, I made changes to root rotation, location of rotate files, getting rid of unintended cycles, and what...