Ramon Petgrave

icon company @google

Results 75 comments of Ramon Petgrave

feat: VerifyNpmPackage API with supplied tuf client

@slugclub

feat: VerifyNpmPackage API with supplied tuf client

> This is looking great, thanks so much for working on this. I have a few minor nits but overall it's looking good. Thanks for the review! I was also...

feat: VerifyNpmPackage API with supplied tuf client

@slugclub thanks again. @ianlewis @laurentsimon , please take a look

feat: VerifyNpmPackage API with supplied tuf client

@loosebazooka

feat: VerifyNpmPackage API with supplied tuf client

@loosebazooka

feat: VerifyNpmPackage API with supplied tuf client

I just don't think slsa-verifier should be involved in the lower-level details of the TUF client.

feat: VerifyNpmPackage API with supplied tuf client

> Could you say by what you mean on lower-level details? Do you mean the configuration of the TUF client? I mean the trusted_root.json file, and managing potential refreshes in...

feat: VerifyNpmPackage API with supplied tuf client

Alright. For now, it's simpler and more flexible to the user for slsa-verifier to accept a sigstore TUF client.

Support verification of generic builders

What kinds of unknown builders are you thinking? Are they still github actions?

fix: signoff commit

@ianlewis