Mikhail Swift
Mikhail Swift
> I don't know if this is a feature for witness or for in-toto-golang. As far as I understand the code in witness, you are not using in-toto-golang's signing features...
For what my 2 cents is worth, > How often does someone append signatures on to an envelope and then trigger an upload without knowing the public key of the...
I've only been able to work on this sporadically through the last week, but so far this is the rough code I have going down the path of option 1:...
Do you have a reasoning for why you think we shouldn't?
More details please. It should be easy enough to get the hash each submodule is locked on from go-git. If the submodule is pulled and in the working directory witness...
If this means to run the git attestor on each submodule repo that should be fairly easy to do as well -- assuming again that the submodule has been pulled.
Gotcha, we should be copying and filling out these issues with the relevant information when the issue is created
Sorry for the delay in getting this finished up -- lost power over the weekend. I'm going to try and get this cleaned up and a full PR up today.
Hi, @max-allan-surevine We definitely appreciate the feedback and agree that the documentation needs a bunch of love and is not currently in an acceptable state for new users. It is...
For attestor issues go-witness is the best place :). We will definitely want to modify that to use CI_SERVER_URL instead.