-
### What happened?
Currently, in `internal/cmd/root/root.go`, the trustpolicy's command is not added to the gittuf command.
I cannot actually add this to the root. Instead, I can only add its remo…
-
### Add a description
gittuf does not supported encrypted on-disk private keys right now. We should add support for this ASAP so that users aren't forced to use unencrypted keys.
Note: this is rea…
-
### Add a description
When SSH signature verification was added (#253), we had an issue with key formats for ed25519 keys generated using openssh. It was related to this issue: https://bugzilla.mindr…
-
### Add a description
For advanced/scripting uses a way to pass flags/options to git is needed.
The example I've stumbled across is that I'm trying to clone a repository from another local user:
…
-
### Proposed focus, intent, goals, and/or deliverables
The goal of this SIG is to evolve [OpenSSF security baseline](https://github.com/ossf/tac/blob/a90b9838739ac18df43197fdd89f045c1a1e4dc3/proces…
-
As a user I'd expect any verification command to exit with a non-zero exit status if the verification fails.
Especially relevant for scripting.
verify-ref behaves that way, but verify-commit and v…
-
### Add a description
Following #360 I suggest to add basic testing for the code snippets in `get-started.md`. Maybe Golang has good tooling for this, otherwise, we could take inspiration from [this …
-
### What happened?
I followed the instructions at https://github.com/gittuf/gittuf/blob/main/docs/get-started.md
I'm running this version:
```
$ gittuf version
gittuf version 0.3.0
```
It a…
-
**Description:**
Create a new Working Group designed to interface with OpenSSF projects, SIGs, and WGs.
After reviewing feedback from @TheFoxAtWork and @caniszczyk, the STAG Co-Chairs (myself, @…
-
https://aquaproj.github.io/ looks like a decent binary installer, which might be a useful fallback strategy, especially for go tools
Its github action installer is reasonable, but not as mature as …