Add & update targets in TrustedRoot #384

Closed
fghanmi opened this issue Aug 20, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@fghanmi

fghanmi commented Aug 20, 2024

Description

The purpose of this issue is to track the changes required to add and update targets in the TrustedRoot.

@jku
Member

jku commented Sep 16, 2024

I'm leaving this comment here instead of the PR since I think it's not specific to the implementation.

You said in the PR:

actually, on our side we need to be able to manipulate trust_root.json in another Rust tool: tuftool (https://github.com/awslabs/tough/tree/develop), since as of now, only sigstore-rs manages the new-style targets trust_root.json. So, it's the library where this code would fit and would be reusable by other people who have a similar use case.

I believe up to this point sigstore-rs has been 100% a client library (I could be wrong, I'm not too familiar at this point).

Modifying the trust root sounds like something only the folks running a sigstore instance would do. I can see how the functionality would be useful for folks running private deployments but... is sigstore-rs the right place?

  • including the code in a client library sounds a little weird -- 600 LOC that will never be used by the actual client is likely not appealing to maintainers
  • From an ecosystem perspective it feels like there should preferably be a single tool for producing/modifying trusted_root.json... It's hard to tell if this PR would move towards that goal or away from it

Maybe this code does make sense in sigstore-rs -- it's true that some tools should exist for this -- but if I was a maintainer, I would like more clarity on the above points

@flavio
Member

flavio commented Sep 17, 2024

I totally agree with @jku. I think this is out of the scope of sigstore-rs

flavio closed this as completed Sep 17, 2024
@jku
Member

jku commented Sep 17, 2024

@fghanmi:

have you seen https://github.com/kommendorkapten/trtool -- I think kommendorkapten might be open to improvements if that looks roughly like what you need.
