sigstore
consider progress bar for "sigstore sign"
From #1468
One thing I was thinking about it whether the increased latency with Rekor v2 means that it might make sense to show a progress bar while signing (i.e. when we can detect an interactive user terminal). Do you have thoughts on that? Not a blocker here either way.
I'd like it... but I don't think it's possible to implement one that is useful: for the typical case (signing less than
max_workersartifacts) the runtime can be anything from X seconds to X+Y seconds where X is the "current baseline" and Y is the checkpoint interval that rekor-tiles uses... So there's problems:
- currently X and Y are similar (a couple of seconds) but Y may be increased to up to 10 secs so it could dominate the progress bar
- we don't know for sure what Y is (since it's a knob that rekor-tiles admins can tweak)
- even if we did, our runtime depends on when during the interval we happen to make our request -- if we are lucky we get a response immediately
Originally posted by @jku in https://github.com/sigstore/sigstore-python/issues/1468#issuecomment-3108935211
I said that but maybe I'm wrong: we do multiple things that mostly cannot be parallelized so maybe rekor unpredictability is not a fatal issue. Different "sections" of the progress bar could handle:
- tuf
- oidc auth
- fulcio
- timestamps
- Rekor (the size of this part is tricky to estimate as there is a random component but it does depend on number of signed artifacts)
Maybe that's still something that would be useful in a progress bar?
Yeah, I don't have a good sense here. Even more generically -- if a progress bar isn't a great fit due to variance in operation times, some kind of spinner that shows the user we're still working (rather than being hung) would probably be good.
