Skip attestations that cannot be verified rather than abort

in-toto / attestation-verifier

Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts

Other

15 stars 7 forks source link

Skip attestations that cannot be verified rather than abort #18

Closed adityasaky closed 9 months ago

adityasaky commented 11 months ago

If there are extra attestations signed by keys not in the policy, the verifier currently terminates with an error, even if the attestation isn't necessary for the layout. This PR makes the verifier ignore such claims, proceeding with verification of authenticated attestations.

adityasaky commented 10 months ago

@marcelamelara https://github.com/in-toto/attestation-verifier/pull/18/commits/69b8d6236f830a4803b94a0d4ea268a973e5e983

adityasaky commented 10 months ago

@trishankatdatadog feel free to merge if your concern's been addressed, thanks!