-
#1270 was a short term fix to handle expired TUF metadata, but we should improve this. I think it'll take a patch in go-tuf to make it easier to test.
We want to verify the following configurations…
-
To mimimize client configuration pip should be able to find the "TUF API endpoint" (the metadata directory) without any other information than the index url that is defined in pip.conf. This relation …
-
A couple of weeks ago, the day that Andrew left IEEE ("Oakland") and came to stay with Nathan, Andrew and Brian and I had a conversation about "forward-compatibility" and "future-proofing" features fo…
-
From sigstore-rootsigning meeting: The registry.npmjs.org role is
1. managed externally, outside of the repository
2. actually signed by a KMS key
We should make sure we either support this set…
-
This issue collects the sub-issues that are needed to deploy TUF on registries. Some of these are addressed in the [proposed design], but require some validation, others will require some more design …
-
Cosign seems to be taking a long time to download tuf data and triangulate the image, we'll need to investigate this rather than just bump timeouts like we did in https://github.com/bpfman/bpfman/pull…
-
The specification should provide recommendations about upload access to TUF repositories. An uploader should only be trusted to upload images that have been delegated to them, and in most cases they s…
-
In general, Uptane is a superset of TUF. It borrows roles, delegations, and the vast majority of other concepts from TUF. Changes needed in TUF for Uptane, such as some of the multi repository suppo…
-
**Description**
Joshuas original TUF PR and the "sigstore TUF client" design doc contain the idea of not fetching remote metadata if it's not required:
* the PR just checked if timestamp was expir…
-
Factory settings
When filling in the telecommunications account password WIFI account password, a second page will pop up to fill in the telecommunications account password WIFI password