gittuf / gittuf

A security layer for Git repositories
https://gittuf.dev
Apache License 2.0

Wire up ssh-keygen signer to CLI #436

Closed adityasaky closed 1 week ago

adityasaky commented 1 week ago

This PR isn't there yet; it's highlighting some bugs. I ran into trouble getting this to work with gittuf/demo (even with some changes to the script to handle pem -> pub, etc). One thing in particular may be linked to key ID computation, though this might also mean the demo script needs to be updated.

Also, more generally, we may want to compute the key ID the old way for consistency with metadata that already exists (dogfood). It should be internally consistent--this should not break existing policies--but it can be hard to inspect and map old key ID to new key ID if necessary.

adityasaky commented 1 week ago

cc @lukpueh