sigstore-java
sigstore-java copied to clipboard
sigstore
java clients for sigstore
we have a few scripts in here that could probably benefit from some linting
https://github.com/sigstore/sigstore-java/pull/369/files/f0fd2d979f2341f767017448ee8cc6708c561ff6#r1136968518
**Description** Currently, sigstore-java is all-in-one, so users can't select the bits they need, and the dependency surface might become an issue. For instance, generating Sigstore Bundle requires `protobuf-java` which is...
**Description** It would be good for clients to be able to specify a `User-Agent` header on HTTP requests to sigstore services. @loosebazooka
**Description** `ZonedDateTime` allows dates with named timezones (e.g. `Europe/Berlin`) that depend on the local timezone database. I wonder if we really need to support named time zones. It might be...
We should take a look at more modern testing approaches that could improve the readability and maintenance of our test cases. fo reference #200
**Description** `KeylessSigner.sign` is stuck for significant amount of time. It might be that I skipped OIDC flow in the web-browser, however, I believe there should be some kind of timeout....
**Description** Is `KeylessSigningResult` to be `sha256` always? E.g. https://docs.google.com/document/d/1gucjOA_bGyRjK6TeaOI-X5GIUv8WsPzeMDMkq25Kv4Y/edit# consider having "algorithm" as an explicit field.
**Description** `KeylessSigner.builder().sigstorePublicDefaults().build()` is nice, however, it makes it hard to peek into the results, as the client have no guarantees on which "defaults" are selected, and the defaults might even...