in-toto / attestation

in-toto Attestation Framework

Python: Consider using betterproto for models? #291

Open woodruffw opened 8 months ago

woodruffw commented 8 months ago

Opening this as an idea; I'm unsure if it's a good one.

Context: sigstore-protobuf-specs uses betterproto for its Protobuf codegen, rather than the protobuf package. This has a few API-side advantages, namely cleaner model generation and better mypy/typing integration.

Given that in-toto-attestation and sigstore-protobuf-specs are mutualistic, it might make sense to unify on a single Protobuf base library. I've suggested betterproto for the reasons above, although I could also potentially be convinced that protobuf is the better choice 🙂

woodruffw commented 8 months ago

Another separate benefit of betterproto here is that it would avoid "laddered" dependencies: turning a Statement object into JSON currently requires the depender to directly depend on protobuf as well, so that it can import MessageToJson.

joshuagl commented 7 months ago

Thanks for the suggestion! Better mypy/typing integration alone seems worth the effort.

woodruffw commented 7 months ago

Glad to hear it! It looks like in-toto-attestation is still pre-1.0 on PyPI, so this could be done without violating SemVer. But it's still a relatively big API change.

woodruffw commented 7 months ago

(As a datapoint: #300 is an example of a typing bug that betterproto would probably have avoided, since those wrapper types wouldn't have been necessary with it.)

woodruffw commented 6 months ago

Looking into this today.