The command line tool and signing events do a decent job of explaining the changes that are being signed.
However, if a signer or other user wants to get an overview of the repository, that information is not available.
I would like to see a way to review

- roles:
  - expiry and signing periods
  - who the signers are, what is the threshold
- maybe artifacts as well

Having this in the CLI might be useful (as it's the one trusted component for a signer)... but as highest priority I'd like to see an HTML or markdown-based view of the repository published along with the metadata. Some ideas:

- https://github.com/DataDog/tuf-explorer might be interesting: I really wish it was a more standalone js thing but maybe it could be run in the publish step to produce static HTML
- A Python component that produced markdown describing metadata could be used in both signer and the repository...
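
A sketch of the markdown idea above, added here as an example; it is not part of the original issue or the project's code. It assumes metadata laid out as in the TUF specification (`keys`, `roles`, `keyids`, `threshold`, `expires`), the function names and sample values are constructed, and signing periods are left out because the issue does not say how they are stored.

```python
import json
from datetime import datetime, timezone

# Constructed sample: "signed" sections of TUF metadata, keyed by role name.
# Key ids and key values are shortened placeholders, not real keys.
SAMPLE = json.loads("""{
 "root": {"_type": "root", "version": 3, "expires": "2025-06-01T00:00:00Z",
  "keys": {"aaaa1111": {"keytype": "ed25519", "scheme": "ed25519", "keyval": {"public": "00"}},
           "bbbb2222": {"keytype": "ecdsa", "scheme": "ecdsa-sha2-nistp256", "keyval": {"public": "00"}},
           "cccc3333": {"keytype": "ed25519", "scheme": "ed25519", "keyval": {"public": "00"}}},
  "roles": {"root": {"keyids": ["aaaa1111", "bbbb2222"], "threshold": 2},
            "targets": {"keyids": ["aaaa1111", "bbbb2222"], "threshold": 1},
            "snapshot": {"keyids": ["cccc3333"], "threshold": 1},
            "timestamp": {"keyids": ["cccc3333", "dddd4444"], "threshold": 2}}},
 "targets": {"_type": "targets", "version": 7, "expires": "2025-03-01T00:00:00Z"},
 "snapshot": {"_type": "snapshot", "version": 12, "expires": "2025-01-10T00:00:00Z"}
}""")

def expiry_note(signed, now):
    """Describe how far a role's metadata is from its 'expires' timestamp."""
    if signed is None:
        return "metadata not loaded"
    expires = datetime.strptime(signed["expires"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if expires <= now:
        return f"{signed['expires']} (EXPIRED)"
    return f"{signed['expires']} ({(expires - now).days} days left)"

def render_overview(metadata, now):
    """Return a markdown table of top-level roles: expiry, threshold and signing keys."""
    root = metadata["root"]
    rows = ["| Role | Expires | Threshold | Keys | Warnings |", "| --- | --- | --- | --- | --- |"]
    for name in sorted(root["roles"]):
        role = root["roles"][name]
        # Keys a role lists must be defined in root's "keys"; anything else cannot sign.
        known = [k for k in role["keyids"] if k in root["keys"]]
        unknown = [k for k in role["keyids"] if k not in root["keys"]]
        warnings = [f"keyid {k} not in root keys" for k in unknown]
        if role["threshold"] > len(set(known)):
            warnings.append("threshold cannot be met")
        keys = ", ".join(f"`{k}` ({root['keys'][k]['keytype']})" for k in known) or "none"
        rows.append(f"| {name} | {expiry_note(metadata.get(name), now)} | "
                    f"{role['threshold']} of {len(role['keyids'])} | {keys} | "
                    f"{'; '.join(warnings) or '-'} |")
    return "\n".join(rows)

if __name__ == "__main__":
    print(render_overview(SAMPLE, datetime(2025, 1, 15, tzinfo=timezone.utc)))
```

Passing `now` in explicitly keeps the output reproducible, so the same page can be regenerated and diffed in a publish step.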