Open jku opened 2 years ago
joshuagl
commented
2 years ago go-tuf very recently added a status command in https://github.com/theupdateframework/go-tuf/commit/af3c7d6a7dff051e9ef4b965a1258df09249a13f
which lets you call: tuf status --valid-at "$(date -d '+1 hour')" timestamp
jku
commented
2 years ago yes, something like that which can then be used (for example) in a workflow in the metadata repository to create a GitHub issue if it fails.
The remaining extra bit is tying keys to identities like github accounts. I suppose we could add a "x-tufrepo-key-owner-github" field to keys so the GitHub issue could then name the correct owner... or something. I'm tempted to just use github username as keyname
But just the validity check would be good
In https://github.com/jku/tuf-demo I would like an easy way to create GitHub issues some time before metadata expires: this applies to especially root, but but maybe also targets metadata
Not sure how this should work but possibly
tufrepo verifycould have an option that fails if expiry is less than x days in the future?