Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tuf] Use trusted_root.json to fetch CTLog/Rekor/ #1042

Open
asraa opened this issue Mar 21, 2023 · 1 comment
Open

[tuf] Use trusted_root.json to fetch CTLog/Rekor/ #1042

asraa opened this issue Mar 21, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@asraa
Copy link
Contributor

asraa commented Mar 21, 2023

Description

@bdehamer recently added a trusted_root.json (https://github.com/sigstore/root-signing/blob/main/targets/trusted_root.json) that includes all trusted targets along with their metadata (like log ID).

The functions GetRoots(), GetIntermediates() and GetRekorPubs() should all be migrated to using this target file.

This does not require an API change!

Unfortunately, I cannot do this, but filing this issue because eventually clients should be relying on this target, and not in the individual files.

@znewman01 for sigstore-go tracking

cc @jku @haydentherapper
@asraa asraa added the enhancement New feature or request label Mar 21, 2023
@haydentherapper
Copy link
Contributor

We should also use the newly added expiration information and stop relying on the usage metadata for active vs expired.

@asraa asraa mentioned this issue Mar 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asraa @haydentherapper