-
**Problem:**
When attempting to generate an attestation with an encrypted private key, witness throws an error stating it failed to open the key file. When using an unencrypted private key, witness w…
ajh- updated
4 months ago
-
### Add a description
Currently, `list-rules` only list rules but not other parts of the state of the state, which leaves critical parts of the state hidden, like root keys and root key thresholds. W…
-
# What
There's an initiative from the Marketing Committee to gather up some standard info about Who/What/Where/When/Why/How on each of the new OpenSSF projects that have launched / are launching soon…
-
While the specification primarily focuses on who can _write_ to a Git ref or some files stored in a repository, there are use cases for limiting the ability to _read_ certain files. For example, a sec…
-
First raised in https://github.com/adityasaky/gittuf/pull/37#discussion_r1193990449.
Currently, `state.Verify()` returns successfully if the top level targets role (same for delegated roles) is mis…
-
Git has a feature to replace an instance of an object with another equivalent. This is tracked using the refspec in the `refs/replace` namespace. Note that these aren't synced automatically.
gittuf…
-
The transport introduced in #411 is an alternative to the default transport provided by Git, and performs some gittuf operations transparently to the end-user.
It's in an alpha state at the moment …
-
To improve gittuf's UX (#4), the CLI must provide some command compatibility with Git itself. This would allow users to use gittuf as a drop-in replacement for Git in common workflows such as syncing …
-
### What happened?
Our new ssh signer [shells out to `ssh-keygen`](https://github.com/gittuf/gittuf/blob/main/internal/signerverifier/ssh/ssh.go#L75) to create signatures. This passes responsibility …
-
### Add a description
Currently, gittuf rules cannot be easily reordered without removing them and adding them back in the desired order. As rule order matters in gittuf, adding reordering functional…