sigstore / model-transparency

Supply chain security for ML
Apache License 2.0

v1 release #175

Open laurentsimon opened 4 months ago

laurentsimon commented 4 months ago

This is a proposal for the v1 release. Scope: support sigstore for path only (no in-memory path support). This requires implementing only a subset of https://github.com/sigstore/model-transparency/issues/172:

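```python
# model.py
from __future__ import annotations  # keeps the proposal's type names unevaluated

from pathlib import Path


def sign(
    input: Path,
    sig: Path | None = None,  # None means defaultSigPath(input)
    recompute_paths: list[Path] | None = None,
    ignored_paths: list[Path] | None = None,  # None means [".git"]
) -> None:
    ...


def verify(
    input: Path,
    sig: Path | None = None,  # None means defaultSigPath(input)
    verifier: Verifier | None = None,  # None means SigstoreVerifier()
    ignored_paths: list[Path] | None = None,  # None means [".git"]
) -> bool:
    ...
```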

What needs to be done:

Simple

Medium

More work

We can add support for more features https://github.com/sigstore/model-transparency/issues/172 without breaking backward compatibility
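
An added example, not code from this issue or from the model-transparency project: a per-file SHA-256 manifest over a model directory that honours `ignored_paths`, showing that an incremental rehash is only as trustworthy as its `recompute_paths` list. The manifest layout, the `previous` parameter, the reuse semantics and the sample file names are assumptions, and no signing is performed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, ignored_paths=(".git",), previous=None, recompute_paths=None) -> dict:
    """Map relative POSIX path -> SHA-256. Assumed semantics: with `previous` and
    `recompute_paths`, only listed files are rehashed; the rest reuse `previous`."""
    ignored = [Path(i) for i in ignored_paths]
    manifest = {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if not p.is_file() or any(rel == i or i in rel.parents for i in ignored):
            continue
        key = rel.as_posix()
        reuse = (previous is not None and recompute_paths is not None
                 and key in previous and key not in recompute_paths)
        manifest[key] = previous[key] if reuse else file_digest(p)
    return manifest


def demo() -> dict:
    # Constructed sample model directory; file names are illustrative.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / ".git").mkdir()
        (root / ".git" / "HEAD").write_text("ref: refs/heads/main")
        (root / "weights.bin").write_bytes(b"\x00" * 1024)
        (root / "config.json").write_text('{"layers": 2}')
        signed = build_manifest(root)  # what a signature would cover
        (root / ".git" / "HEAD").write_text("detached")  # ignored: no effect
        ignored_ok = build_manifest(root) == signed
        (root / "config.json").write_text('{"layers": 3}')  # covered file changes
        full = build_manifest(root)  # what a verifier would recompute
        fresh = build_manifest(root, previous=signed, recompute_paths=["config.json"])
        stale = build_manifest(root, previous=signed, recompute_paths=[])
        return {"files": sorted(signed), "ignored_ok": ignored_ok,
                "tamper_detected": full != signed,
                "incremental_matches_full": fresh == full,
                "missed_path_is_stale": stale == signed and stale != full}
```

A path left out of `recompute_paths` keeps its old digest, so a signer using the incremental path would sign a manifest that a full rehash at verification time no longer matches.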

laurentsimon commented 4 months ago

@mihaimaruseac what do you think of making these the prio for v1?

mihaimaruseac commented 4 months ago

I think anything that comes for the API is a priority. So #172, #111 (manifest), #140 (hash engine), #160 (incremental rehashing) are a must. As part of this, we will also need to clean up BaseResult (#174).

Looking back, that's exactly the list you mentioned above.

mihaimaruseac commented 4 months ago

I think #157 might also be good to have in the release

laurentsimon commented 4 months ago

> I think #157 might also be good to have in the release

Good call. Added to the list. Thanks!

mihaimaruseac commented 4 months ago

Added all of them to a milestone too. But also added improvement issues there, so it's good to keep track of the important ones on this issue

laurentsimon commented 3 months ago

This was discussed in the SIG meeting of 12 June 24. We would like to also support private PKI for this release. (We don't need to support all possible features, and we'll add new ones without breaking backward compatibility)