-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
repository: bump revocation version after length addition #428
Conversation
Signed-off-by: Asra Ali <asraa@google.com>
Client verified up to the new snapshot/timestamp version here:
|
cosign initialize works fine:
tuf-tool:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the difference between these payloads?
It's a version bump:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just wondering why this is needed? Is anything else changing?
Per the PR description: in #327, I had changed the payload of the file because go-tuf omitted No other changes needed, in fact this delegation will all go away after the signing. But it is important because if we ever add this delegation back it must be added at version 3: not version 2. |
Signed-off-by: Asra Ali asraa@google.com
#410 (comment)
Before the new root signing event, we should close out this erroneous lack of version update in the revocation delegation.
The delegation had updated payload for compatibility with rust here: #327
and should have increased in version.
To produce this change, I had to run