-
In some deployments, such as Sigstore trust root management, both `root` and `targets` have the same expiration and signers. This means that root and targets are always signed at the same time, by the…
-
This could easily be a "won't fix", but I thought I'd mention it. As reported [here](https://github.com/advancedtelematic/aktualizr/issues/1073), the aktualizr program is rejecting the timestamp.json …
-
`tuf::client::PathTranslator` allows clients to use an alternative path separator, but according to https://github.com/theupdateframework/specification/issues/63#issuecomment-556995907, the targets me…
-
https://theupdateframework.github.io/
-
**Description**
In the next root-signing, we'll be migrating targets for `fulcio` under a `fulcio` subdirectory, and `rekor` under a `rekor` subdirectory (and keeping old targets for compatibility …
-
I'm trying to figure out the sensors on this motherboard. sensors-detect finds the nct6798-isa-0290, I've found the fan mapping through plug and play:
label fan2 "CPU FAN"
set fan2_min 300
l…
-
## Goal
Orbit currently loads the TLS client certificate files from the following hardcoded paths:
```sh
# Client certificate paths for TUF
$ORBIT_ROOT_DIR/update_client.crt
$ORBIT_ROOT_DIR/upd…
-
**Description**
Currently cosign user-agent when downloading TUF metadata is `Go-http-client/2.0,gzip`. It would be helpful if it had more details, something like `cosign/2.0.2 go-tuf/0.5.2 Go-http…
-
Based by a comment from @znewman01 in https://github.com/theupdateframework/go-tuf/discussions/291
> Right now we have a lot of "instantiate a thing, and then do a whole bunch of miscellaneous operati…
-
The first-party [create-release](https://github.com/actions/create-release) GitHub Action we are using has been archived since Mar 4, 2021. We should switch over to a _third-party_ maintained action, …