search

sigstore / model-transparency

Supply chain security for ML
Apache License 2.0
113 stars 33 forks source link

Private Sigstore deployment #85

Open laurentsimon opened 11 months ago

laurentsimon commented 11 months ago

The API should support custom roots. For Fulcio and Rekor, we need

  1. tuf root
  2. a URL to update the root (if not already present in the tuf root data of (1))

@haydentherapper please keep me honest

haydentherapper commented 11 months ago

2 is always needed, 1 (the root metadata) does not specify where the TUF repo is hosted.

mihaimaruseac commented 2 months ago

This should be after the v1 release