TUF: Remove support for non-bundled roots of trust #584

woodruffw · 2023-03-25T02:49:27Z

Per conversation in #542: the bundled trust root is now considered the stable interface for retrieving all of the various pieces of Sigstore's root of trust, so we can remove support for the "standalone" targets that it replaced.

We should do #580 first, to convince ourselves that we haven't introduced any bugs by switching over to the bundled trust root.

asraa · 2023-03-29T17:01:34Z

Hey! Just FYI I've created a staging repository that can be pushed to a new staging bucket (to keep backwards compatibility because the root keys are different) that is now update-able and contains the trusted_root.json

@haydentherapper can fill you in about what the URL of the bucket will be

woodruffw added the enhancement New feature or request label Mar 25, 2023

woodruffw assigned tnytown Mar 25, 2023

woodruffw assigned woodruffw and unassigned tnytown Apr 23, 2023

woodruffw added the component:tuf TUF related components label Apr 23, 2023

woodruffw mentioned this issue Apr 23, 2023

tuf: remove non-trusted-root handling paths #626

Merged

tetsuo-cpp closed this as completed in #626 Apr 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TUF: Remove support for non-bundled roots of trust #584

TUF: Remove support for non-bundled roots of trust #584

woodruffw commented Mar 25, 2023

asraa commented Mar 29, 2023

TUF: Remove support for non-bundled roots of trust #584

TUF: Remove support for non-bundled roots of trust #584

Comments

woodruffw commented Mar 25, 2023

asraa commented Mar 29, 2023