-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pinned Fulcio and Rekor root certs should be updatable via TUF #60
Comments
WIP towards #60 Signed-off-by: Patrick Flynn <patrick@chainguard.dev>
Here is a list of follow on items that I need to do:
Obviously as we add more resource types we need to refactor. The good news is most of the weirdness in the parsing and verification has been tackled so the rest of the resources should be pretty quick. (famous last words). |
The question is how the default caching should work. |
@vlsi take a look at https://docs.google.com/document/d/1QWBvpwYxOy9njAmd8vpizNQpPti9rd5ugVhji0r3T4c/edit for the way the local store is supposed to work. We expect to store the local cache under ~/.sigstore by default and then there's going to probalby be a sub-directory per client-spec (map.json), that we would probably create from the client. |
done! |
Currently we have statically included the Rekor and Fulcio public keys into the library. These keys should be updatable via TUF.
The text was updated successfully, but these errors were encountered: