proposal: Use TUF-on-CI to maintain root-signing #929
Comments
This is great! I fully support the proposal to use TUF-on-CI to maintain this repository. For the keyholder audience, it would likely be useful to be able to compare the current ceremony to how the ceremony should work after the change. That would be a good demo and an even better diagram/document. |
I forgot to update this issue:
|
I'll need to find the right place to file an issue for this but:
|
for reference: sigstore/root-signing-staging#1 is ongoing but the TUF repository is not functional yet (KMS is not working). Next steps for sigstore/root-signing-staging are:
|
sigstore/root-signing-staging is now technically operational (provisional, not published to the official GCS bucket yet).
|
Update:
My next step is a dry-run of importing the production repo into tuf-on-ci:
|
Update:
Next:
|
#1320 tracks the actual signing event |
✔️ current public repository is published with tuf-on-ci |
Hi root-signing contributors and interested bystanders,
@kommendorkapten and I have been working on TUF-on-CI for the past few months -- it's a more "productized" TUF signing system that works on top of git and GitHub like root-signing. I'd like to propose gradually moving the maintenance of Sigstore root-signing to happen with TUF-on-CI.
Summary
More details
Next steps
I'll start a thread on Slack (sigstore-keyholders maybe?) about this: comments are welcome here or in Slack.