trishankatdatadog
commented
1 year ago We may want to merge #470 before moving away from go-tuf
Closed rdimitrov closed 8 months ago
trishankatdatadog
commented
1 year ago We may want to merge #470 before moving away from go-tuf
rdimitrov
commented
8 months ago Closing since the code base changed and this is already moved to go-sslib.
Thanks for raising this 👍
The encrypted package in go-tuf provides the functionality to encrypt/decrypt a given byte stream with another.
This is not relevant to the goal of the project and TUF in general. As a result, there are now projects which have go-tuf as their dependency only because of that.
In that sense, I think it would be right if this package is gradually deprecated here and moved to another project which better suits its functionality.
I'd say the https://github.com/secure-systems-lab/go-securesystemslib is a good choice.
Maybe https://github.com/sigstore/sigstore too, but I'm doubtful as sigstore uses it mostly in cosign to encrypt the keys one can generate with cosign (and if I'm not mistaken this command can be deprecated at some point).
Let's discuss what we think about that and what are the possible options 👍