go-tuf

go-tuf copied to clipboard

Add SLSA provenance

1

Please add [SLSA provenance ](https://slsa.dev/)to your releases. It is quick and easy to do on on Github: https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator Background info: https://docs.sigstore.dev/signing/overview/

udf2457

Custom user agent string

2

It would be good during debugging sessions if the user agent string contained the go-tuf version instead of the default Go user agent string. Also, during tuf client initializeation the...

kommendorkapten

## Issue Deep target file paths, or file paths that are more than one subdirectory deep (e.g. `//file`) fail to download due to the `targetRemotePath` being built wrong when using...

mrjoelkamp

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.4 to 1.8.6. Release notes Sourced from github.com/sigstore/sigstore's releases. v1.8.6 What's Changed Bump goodkey, fix breakage by @​jonjohnsonjr in sigstore/sigstore#1761 New Contributors @​jonjohnsonjr made their first contribution...

dependabot[bot]

Make repository.repositoryType public (repository.RepositoryType)

2

The library uses `repository.repositoryType` as a way to manage the role metadata and interact with it while using the library. However the type is private and so cannot be used...

eikenb

Reference - https://go.dev/wiki/Deprecated

rdimitrov

[tuf-conformance](https://github.com/theupdateframework/tuf-conformance/) is a test suite for TUF clients. It should help with spec conformance as well as practical compatibility with other client implementations. * It would be useful for go-tuf...

jku

chore(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.7

1

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.4 to 1.8.7. Release notes Sourced from github.com/sigstore/sigstore's releases. v1.8.7 Dependencies updates only What's Changed build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates by @​dependabot...

dependabot[bot]