Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted #2054

Merged
merged 1 commit into from
Aug 15, 2023

Conversation

mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Jul 21, 2023

The github.com/theupdateframework/go-tuf/encrypted subpackage is deprecated, switch to the new location.

Separately, this is a BREAKING change: the key encryption parameters of encrypted.Encrypt have been changed, so the keys generated by the new code can't be loaded by older implementations. (Old keys can continue to be used by new implementations.)

Let’s coordinate with Cosign on whether to make that change, or whether to keep using the old compatible parameters (using EncryptWithCustomKDFParameters).

@mtrmac
Copy link
Collaborator Author

mtrmac commented Jul 21, 2023

Cosign’s update PR: sigstore/cosign#3128 .

Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 1, 2023

In the linked issue, Cosign is leaning towards keeping compatibility, at least for the very moment. Waiting for them to actually do that…

@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 11, 2023

Cosign, in sigstore/cosign#3183 , simply updated and started generating private keys non-consumable by older versions.

So, I guess, let’s do the same?

@mtrmac mtrmac marked this pull request as ready for review August 11, 2023 21:06
@vrothberg
Copy link
Member

So, I guess, let’s do the same?

SGTM

@TomSweeneyRedHat
Copy link
Member

LGTM

…rypted

The github.com/theupdateframework/go-tuf/encrypted subpackage is deprecated,
switch to the new location.

Separetely, this is a BREAKING change: the key encryption parameters of
encrypted.Encrypt have been changed, so the keys generated by the new code
can't be loaded by older implementations. (Old keys can continue to be
used by new implementations.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Copy link

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mtrmac mtrmac merged commit 8af79be into containers:main Aug 15, 2023
@mtrmac mtrmac deleted the encrypted-move branch August 15, 2023 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants