Signing event: sign/root-v8

[sigstore-bot]

Processing signing event sign/root-v8, please wait.

[sigstore-bot]

Current signing event state

Event sign/root-v8 (commit b288dec)

:x: root

Role root is unsigned and not yet verified Still missing signatures from @joshuagl, @jku, @mnm678, @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

[jku]

before signing: let's agree on if we want to bump one of [targets, root] signing period to very long. I think that would make sense:

• we can preserve the security properties we want with just signing a single role
• the automation does not then create two signing events

[sigstore-bot]

Current signing event state

Event sign/root-v8 (commit 0cf9c27)

:x: root

Role root is not yet verified. It is signed by 1/2 (1/2) signers (@jku). Still missing signatures from @mnm678, @joshuagl, @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

:white_check_mark: targets

Role targets is verified and signed by 1/1 signers (@jku). Still missing signatures from @mnm678, @joshuagl, @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

[jku]

I've added changes proposed in #126 (made targets expiry 10 years).

This is not meant to be an already made decision: feel free to disagree in the issue.

[sigstore-bot]

Current signing event state

Event sign/root-v8 (commit d9b2058)

:white_check_mark: root

Role root is verified and signed by 2/2 (2/2) signers (@kommendorkapten, @jku). Still missing signatures from @joshuagl, @mnm678 Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

:white_check_mark: targets

Role targets is verified and signed by 2/1 signers (@kommendorkapten, @jku). Still missing signatures from @joshuagl, @mnm678 Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

[sigstore-bot]

Current signing event state

Event sign/root-v8 (commit f0c70cc)

:white_check_mark: root

Role root is verified and signed by 3/2 (3/2) signers (@jku, @mnm678, @kommendorkapten). Still missing signatures from @joshuagl Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

:white_check_mark: targets

Role targets is verified and signed by 3/1 signers (@jku, @mnm678, @kommendorkapten). Still missing signatures from @joshuagl Signers can sign these changes by running tuf-on-ci-sign sign/root-v8

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

[sigstore-bot]

Current signing event state

Event sign/root-v8 (commit 0a15e43)

:white_check_mark: root

Role root is verified and signed by 4/2 (4/2) signers (@joshuagl, @kommendorkapten, @jku, @mnm678).

:white_check_mark: targets

Role targets is verified and signed by 4/1 signers (@joshuagl, @kommendorkapten, @jku, @mnm678).

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

[jku]

@kommendorkapten would you mind reviewing and merging? I was the last to merge so my review is not good enough