sigstore: v3 bundles #901
Signed-off-by: William Woodruff <william@trailofbits.com>
Signed-off-by: William Woodruff <william@trailofbits.com>
Not added until 3.11; use (str, Enum) instead. Signed-off-by: William Woodruff <william@trailofbits.com>
`in` doesn't work on inner enum types until 3.12. Signed-off-by: William Woodruff <william@trailofbits.com>
I think this is good to go. It adds support for verifying v3 bundles, but still emits v2 ones. In terms of switching signing to v3: I think the 3.x release series would be reasonable.
Signed-off-by: William Woodruff <william@trailofbits.com>
Seems quite reasonable as is. Some comments:
- tests would be nice but I can see how they become more viable once the signing works too
- `KnownBundleType` is a bit of a mouthful: it could probably be just `BundleType`
Yeah, I like that 🙂 -- I'll make a quick change (and also update the CHANGELOG).
Signed-off-by: William Woodruff <william@trailofbits.com>
Signed-off-by: William Woodruff <william@trailofbits.com>
Bumps `sigstore-protobuf-specs`, giving us access to the latest Bundle version.