Proposal to split the cosigned webhook to it's own repository. #9
Comments
|
Related: sigstore/cosign#1462 |
|
I'm fine either way here. |
|
sounds OK to me. One thing if possible, when re-factoring out code (if it makes sense), it would be good to utilise sigstore/sigstore. |
|
also kudos for using the this repo to ask! we should try to keep this working context going forward, as its then a recorded decision (and not lost when slack purges messages). |
|
Last one: I think a name change would be beneficial, and the code move would be a good opportunity to do that. It's very easy to mistake cosigned as a cosign (vice versa), when spoken out loud. |
|
That's facts about cosign/cosigned being easily confused when spoken out lout. Mayhaps to explicity spell it out the repo could be something like: But I should not be counted on to come up with a good name :) |
|
I like the last one. |
|
@bobcallaway what are your thoughts? |
|
Have you figured out how to do the split? It's always a bit tricky when you try to preserve history. |
|
I hadn't thought about the history, naively thought the history would live in sigstore/cosign prior to the move and stay there. I'm totes open to suggestions on doing the right thing, I just don't know what it is. |
|
I think there's a git filter-tree thingy, but that's fine too |
|
+1 to this idea, as well as to luke's reminder about |
|
+1 |
|
The main historical reason aimed to keep the dependencies together. That could ease the maintenance and testing of cosigned. This is also related to sigstore/cosign#651 |
|
Do folks have any major objections for the repo being: Certainly very descriptive :) |
|
I am certainly not good at naming things, I am happy with any name better than e.g. |
|
I like either of those two options. |
|
Either works for me. |
|
also could consider thoughts? |
If it's under the sigstore org I'd say you could avoid some stutter if you just call it sigstore/policy-controller etc. |
|
One other note, for our purposes, it would really help if we can finish the bump to |
That's sounds good to me, has my +1 |
|
I believe we have a winner |
|
approved: repo name: sigstore/policy-controller |
There's been a few times in the past where the point about splitting the cosigned webhook into its own repository has been brought up.
So, I wanted to formalize that a little bit and see how y'all are feeling about it and if that would be doable? I'd be happy to drive the mechanics of pulling apart the cosigned bits and importing into the new repo.
Pros I think are (some, not even close to all):
I think on the con side there's obvs the initial grunt work on pulling things apart, but I think in the longer term it will be cleaner to split the webhook into it's own repo with its own maintainers, release cadence, etc.
Thoughts?
@bobcallaway @dlorenc @lukehinds
The text was updated successfully, but these errors were encountered: