sigstore / root-signing

TUF repository for Sigstore trust root
Apache License 2.0

Revert "use ecdsa for keytype. But when signing, support both formats" #1140

Closed haydentherapper closed 4 months ago

haydentherapper commented 4 months ago

Reverts sigstore/root-signing#1130. Fixes https://github.com/sigstore/root-signing/issues/1139.

Breaks snapshot and timestamp generation at main, since the key ID calculation changed. Will merge back in closer to signing ceremony.

Will take a look on Monday to see if there’s another way to set this up so it can be immediately merged back.

kommendorkapten commented 4 months ago

Oh, yes of course 🤦 Let me take a look and see if I can come up with a good middle step.

kommendorkapten commented 4 months ago

@haydentherapper what I can think of is that we expose a parameter flag that is set in the workflows to use the older key type, then as part of the signing ceremony we update the workflow to not set the flag and so use the new type.
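
Added example (not code from this PR or from sigstore/root-signing): a simplified model of why changing only the `keytype` string changes a TUF key ID, which the TUF specification defines as the SHA-256 of the key's canonical JSON, so a root that lists the old ID no longer matches the ID a signer derives. The older value `ecdsa-sha2-nistp256`, the sample public key, and the helpers `build_root` and `signer_is_authorized` are assumptions for illustration; the `signer_keytype` argument stands in for the flag proposed above.

```python
import hashlib
import json

OLD_KEYTYPE = "ecdsa-sha2-nistp256"  # assumed older value; not stated on the page
NEW_KEYTYPE = "ecdsa"                # from the PR title
SAMPLE_PUBLIC = "04" + "ab" * 64     # constructed placeholder, not a real key


def key_object(keytype):
    """TUF-style public key entry; only the keytype string varies."""
    return {
        "keytype": keytype,
        "scheme": "ecdsa-sha2-nistp256",
        "keyval": {"public": SAMPLE_PUBLIC},
    }


def key_id(key):
    """SHA-256 hex digest of the key's canonical JSON.

    Sorted keys and no whitespace match canonical JSON for the plain
    ASCII values used here; a real encoder also handles escaping.
    """
    encoded = json.dumps(key, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def build_root(keytype):
    """Hypothetical root metadata delegating online roles to one key."""
    key = key_object(keytype)
    kid = key_id(key)
    role = {"keyids": [kid], "threshold": 1}
    return {"keys": {kid: key}, "roles": {"snapshot": role, "timestamp": dict(role)}}


def signer_is_authorized(root, role, signer_keytype):
    """Does the key ID the signer derives appear in the role's keyids?"""
    return key_id(key_object(signer_keytype)) in root["roles"][role]["keyids"]


if __name__ == "__main__":
    root = build_root(OLD_KEYTYPE)  # published root still lists the old-style ID
    for keytype in (OLD_KEYTYPE, NEW_KEYTYPE):  # stands in for the proposed flag
        ok = signer_is_authorized(root, "snapshot", keytype)
        print(f"{keytype:22} id={key_id(key_object(keytype))[:12]} authorized={ok}")
```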