-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stabilize the bundle format #116
Comments
As a personal bugbear that I'd like to see addressed in 1.0: there are currently way too many valid states for the tuple of |
We wouldn't be able to remove it entirely unfortunately, since it's still used as a signed timestamp from Rekor, but it could be moved under |
Are we using https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_verification.proto? One question is if we want a 1.0 release for everything or just the bundle format. I think the verification options are still a WIP. Do we have enough usage of trustroot for declaring it 1.0? |
For the trust root, I'd say we can declare it 1.0. We are using it for npm and some other projects. |
For consideration WRT trustroot: #183 |
Per sigstore/sig-clients#8: releasing a 1.0 version of the specs here would lend weight to cross-client standardization.
As part of that, we probably need a task burndown, along a few axes:
The text was updated successfully, but these errors were encountered: