Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove TUF timestamp from OCI signature bundle #1428

Merged
merged 1 commit into from Feb 9, 2022
Merged

Remove TUF timestamp from OCI signature bundle #1428

merged 1 commit into from Feb 9, 2022

Conversation

haydentherapper
Copy link
Contributor

As described in #1273, this solution does not work
because the TUF root is not included in the snapshot.
Removing unused code.

Confirmed that verifying images with a timestamp
annotation still works. Confimed that signing and
verifying works locally too.

Signed-off-by: Hayden Blauzvern hblauzvern@google.com

Summary

Ticket Link

Fixes

Release Note

Removed unused TUF timestamp from OCI signature

@haydentherapper
Remove TUF timestamp from OCI signature bundle
3cdeb47 
As described in sigstore#1273, this solution does not work
because the TUF root is not included in the snapshot.
Removing unused code.

Confirmed that verifying images with a timestamp
annotation still works. Confimed that signing and
verifying works locally too.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
@haydentherapper
Copy link
Contributor Author

How to pad your github stats - Add a feature and remove it a week later

@haydentherapper
Copy link
Contributor Author

Rollback of #1274, #1316, and #1294, leaving in tests for signers that were added as part of the PRs.

@dlorenc dlorenc merged commit 6b42e47 into sigstore:main Feb 9, 2022
@github-actions github-actions bot added this to the v1.6.0 milestone Feb 9, 2022
@haydentherapper haydentherapper deleted the byebyetimestamp branch February 9, 2022 00:40
hatmarch pushed a commit to hatmarch/cosign that referenced this pull request Apr 19, 2022
@haydentherapper
Remove TUF timestamp from OCI signature bundle (sigstore#1428)
0e3371a 
As described in sigstore#1273, this solution does not work
because the TUF root is not included in the snapshot.
Removing unused code.

Confirmed that verifying images with a timestamp
annotation still works. Confimed that signing and
verifying works locally too.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
@haydentherapper @mlieberman85
Remove TUF timestamp from OCI signature bundle (sigstore#1428)
b9aa59b 
As described in sigstore#1273, this solution does not work
because the TUF root is not included in the snapshot.
Removing unused code.

Confirmed that verifying images with a timestamp
annotation still works. Confimed that signing and
verifying works locally too.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlorenc dlorenc dlorenc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.6.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@haydentherapper @dlorenc