-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider splitting signing-spec/ITE-5 code (package ssl
) into a standalone repository
#110
Comments
I'm in favor of this, especially as this will allow other project (ie TUF) to use the same implementation code. |
I agree about code reuse, but why do we need yet another repo? Why not just https://github.com/secure-systems-lab/securesystemslib unless the perceived overheard is too high? |
I think that'll be the py implementation, so we perhaps want the golang one live somewhere else... |
Sure, so like securesystemslib-go? If no one wants to port the entire securesystemslib to go, I can understand that, so it will probably be just DSSE now, but I believe in-toto-golang has a lot of potential securesystemslib-go code already. |
Ah, yeah I think we're in agreement then 👍 |
Moving more potential sslib-like code out over time sounds good to me. Let me amend the original post. |
@adityasaky What about the go implementation? Shall I have a look on splitting the pkg/ssl part from the in-toto-golang repository? |
@adityasaky I think this can be closed, right? |
I wanted to broach the conversation of splitting off the implementation of the new signing-spec / ITE-5 support introduced in #101 into a standalone repository. The signing-spec, now renamed DSSE, is in the process of a v1 release: secure-systems-lab/dsse#37, and I was wondering about releasing this implementation as
github.com/secure-systems-lab/dsse-go
, for example, to go along with the spec (and the Python implementation included there). This package could of course be imported and used in the ITE-6 specific branch(es) here. Any thoughts?Edit: @trishankatdatadog pointed out that this new repository could be the equivalent of
securesystemslib
for the Go implementations of in-toto/TUF over time, and I'm given to agree. It can definitely live under that moniker, and can start off by implementing DSSE.@kommendorkapten @dlorenc @SantiagoTorres @MarkLodato @mnm678 @trishankatdatadog
The text was updated successfully, but these errors were encountered: