Open loosebazooka opened 1 year ago
Agreed. We should have some tests for v1 for clients that care, but I don’t think we should mandate v1 support.
Fully agreed as well!
I think we also need a v0.3 test as well
Yep. sigstore-python has begun verifying 0.3 bundles in our development series, and our 3.x release will default to 0.3 for both signing and verifying.
Just thinking about this problem since protobuf-specs says about v0.1 bundles: https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto#L62
There aren't really too many compatibility issues but maybe v0.1 support should be optional for clients in conformance tests?