-
Notifications
You must be signed in to change notification settings - Fork 381
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted #2054
Conversation
Cosign’s update PR: sigstore/cosign#3128 . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
In the linked issue, Cosign is leaning towards keeping compatibility, at least for the very moment. Waiting for them to actually do that… |
Cosign, in sigstore/cosign#3183 , simply updated and started generating private keys non-consumable by older versions. So, I guess, let’s do the same? |
SGTM |
LGTM |
…rypted The github.com/theupdateframework/go-tuf/encrypted subpackage is deprecated, switch to the new location. Separetely, this is a BREAKING change: the key encryption parameters of encrypted.Encrypt have been changed, so the keys generated by the new code can't be loaded by older implementations. (Old keys can continue to be used by new implementations.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
The
github.com/theupdateframework/go-tuf/encrypted
subpackage is deprecated, switch to the new location.Separately, this is a BREAKING change: the key encryption parameters of
encrypted.Encrypt
have been changed, so the keys generated by the new code can't be loaded by older implementations. (Old keys can continue to be used by new implementations.)Let’s coordinate with Cosign on whether to make that change, or whether to keep using the old compatible parameters (using
EncryptWithCustomKDFParameters
).