jku
commented
1 year ago Current state:
- tuf: last release was in may, we almost certainly need a new one
- securesystemslib: last release mid april, does not contain AzureSigner at least
- sigstore: currently only a specific commit is compatible (see #112). sigstore needs a new release, then securesystemslib needs to get modified to use that release, then we should use those releases
Currently we have dependencies using main git branches or specific commits. Goal should be:
This is mainly about tuf, sigstore and securesystemslib