Consider splitting signing-spec/ITE-5 code (package ssl) into a standalone repository
#110
Comments
|
I'm in favor of this, especially as this will allow other project (ie TUF) to use the same implementation code. |
|
I agree about code reuse, but why do we need yet another repo? Why not just https://github.com/secure-systems-lab/securesystemslib unless the perceived overheard is too high? |
|
I think that'll be the py implementation, so we perhaps want the golang one live somewhere else... |
Sure, so like securesystemslib-go? If no one wants to port the entire securesystemslib to go, I can understand that, so it will probably be just DSSE now, but I believe in-toto-golang has a lot of potential securesystemslib-go code already. |
|
Ah, yeah I think we're in agreement then 👍 |
|
Moving more potential sslib-like code out over time sounds good to me. Let me amend the original post. |
|
@adityasaky What about the go implementation? Shall I have a look on splitting the pkg/ssl part from the in-toto-golang repository? |
|
@adityasaky I think this can be closed, right? |
I wanted to broach the conversation of splitting off the implementation of the new signing-spec / ITE-5 support introduced in #101 into a standalone repository. The signing-spec, now renamed DSSE, is in the process of a v1 release: secure-systems-lab/dsse#37, and I was wondering about releasing this implementation as
github.com/secure-systems-lab/dsse-go, for example, to go along with the spec (and the Python implementation included there). This package could of course be imported and used in the ITE-6 specific branch(es) here. Any thoughts?Edit: @trishankatdatadog pointed out that this new repository could be the equivalent of
securesystemslibfor the Go implementations of in-toto/TUF over time, and I'm given to agree. It can definitely live under that moniker, and can start off by implementing DSSE.@kommendorkapten @dlorenc @SantiagoTorres @MarkLodato @mnm678 @trishankatdatadog
The text was updated successfully, but these errors were encountered: