Closed flavio closed 2 weeks ago
Apologies for the regression. #311 reworks the target fetching functionality and caches the trust root correctly.
@tnytown no worries, ping me on the other PR when it's ready to be reviewed
Closing, this has been fixed
Description
Up to version 0.7.2, the
SigstoreRepository::fetch
method took care of synchronizing the contents of a local checkout of Sigstore's TUF repository.Now (v0.8.0 being latest stable release), the
SigstoreTrustRoot::new
method tries to take advantage of a local cache of the TUF repository, but it doesn't update the local contents.The code that takes care of synchronizing the local cache is still part of the sigstore-rs codebase, but it's no longer being used.