At the moment, only sigstore-python is only used for 'acceptance' into the conformance suite, meaning that it's pretty easy to merge FP/FN or otherwise incorrect cases because they're either skipped or a single implementation incorrectly accepts them. See #112 for an example of this.
To mitigate this, we could add another self-test with a separate implementation, such as sigstore-go.
At the moment, only
sigstore-pythonis only used for 'acceptance' into the conformance suite, meaning that it's pretty easy to merge FP/FN or otherwise incorrect cases because they're either skipped or a single implementation incorrectly accepts them. See #112 for an example of this.To mitigate this, we could add another self-test with a separate implementation, such as
sigstore-go.