compatibility: sigstore metadata expiry is incompatible #1858
Comments
|
cc @rdimitrov |
jku
changed the title
|
There's some discussion about this in a go-tuf issue theupdateframework/go-tuf#136 |
|
🙏 current sigstore metadata works with python-tuf-ngclient ( boostrap from 5.root.json only). Thanks Asra and others who worked on this! Now would be a good time to start working on a compliance test suite... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/sigstore/root-signing/blob/main/repository/repository/1.root.json
we don't consider this spec compliant and currently fail to load this metadata. Should file a bug on go-tuf I suppose?
In addition to this securesystemslib fails to load the ecdsa keys they use: #1859.
The text was updated successfully, but these errors were encountered: