Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[targets v11] What to do with the GitHub TSA in trusted_root.json #1268

Open
kommendorkapten opened this issue Jun 17, 2024 · 3 comments
Open

[targets v11] What to do with the GitHub TSA in trusted_root.json #1268

kommendorkapten opened this issue Jun 17, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@kommendorkapten
Copy link
Member

Description

Currently we ship GitHub's TSA as part of trusted_root.json

This was made in an effort to support the community and possibly the npm work with a TSA, but it's not used outside of GitHub to my knowledge.

The certificate for GitHub's TSA have now been rotated, and the rotation frequency is currently every 6 months (yes this is frequent!). This will pose a challenge for sigstore root signing to keep up.

I'm thinking if we should remove the TSA from trusted_root.json?

cc @trevrosen @bobcallaway @haydentherapper
@kommendorkapten kommendorkapten added the enhancement New feature or request label Jun 17, 2024
@haydentherapper
Copy link
Contributor

haydentherapper commented Jun 17, 2024
edited
Loading

I’m unaware of anyone using it as well. SGTM

@haydentherapper
Copy link
Contributor

@jku fyi related to what we were chatting about, we can remove this as part of the next rotation

@jku jku mentioned this issue Aug 21, 2024
Closed
@kommendorkapten kommendorkapten mentioned this issue Aug 21, 2024
Closed
@jku
Copy link
Member

jku commented Aug 21, 2024

Test in staging ongoing in sigstore/root-signing-staging#157

@haydentherapper haydentherapper mentioned this issue Aug 21, 2024
Closed
@kommendorkapten kommendorkapten mentioned this issue Aug 22, 2024
Closed
@haydentherapper haydentherapper mentioned this issue Aug 28, 2024
Merged
@haydentherapper haydentherapper changed the title What to do with the GitHub TSA in trusted_root.json [v11] What to do with the GitHub TSA in trusted_root.json Sep 3, 2024
@jku jku changed the title [v11] What to do with the GitHub TSA in trusted_root.json [targets v11] What to do with the GitHub TSA in trusted_root.json Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jku @haydentherapper @kommendorkapten