Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new blog post about the signer API #2276

Merged
merged 1 commit into from
Jan 26, 2023
Merged

Add new blog post about the signer API #2276

merged 1 commit into from
Jan 26, 2023

Conversation

jku
Copy link
Member

@jku jku commented Jan 25, 2023

This gives some example application code for the new securesystemslib.signer API.

@jku
Copy link
Member Author

jku commented Jan 25, 2023

I think the easiest way to review is to read https://github.com/jku/python-tuf/blob/securesystemslib-blog/docs/_posts/2023-01-24-securesystemslib-signer-api.md -- only the header block is unhandled, otherwise it should look like the published post

@coveralls
Copy link

coveralls commented Jan 25, 2023
edited
Loading

Pull Request Test Coverage Report for Build 4013939676

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 98.139%
Totals Coverage Status
Change from base Build 4013469727: 0.0%
Covered Lines: 1344
Relevant Lines: 1361
💛 - Coveralls

@jku
Copy link
Member Author

jku commented Jan 25, 2023

CC @VickyMerzOwn: you mentioned you might be interested in reviewing

@jku jku force-pushed the securesystemslib-blog branch 3 times, most recently from f04fbc9 to abe96dc Compare January 25, 2023 19:32
lukpueh
lukpueh approved these changes Jan 26, 2023
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super cool post! I left two suggestions inline (feel free to ignore). Did you consider adding a third code example that showcases dynamic dispatch for public key and verification?

docs/_posts/2023-01-24-securesystemslib-signer-api.md Outdated Show resolved Hide resolved
docs/_posts/2023-01-24-securesystemslib-signer-api.md Outdated Show resolved Hide resolved
@jku
Add new blog post about the signer API
388768d 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the securesystemslib-blog branch from abe96dc to 388768d Compare January 26, 2023 09:38
@jku
Copy link
Member Author

jku commented Jan 26, 2023

Amended the commit with the two minor suggestions: both clarify that private key URIs are constructed while public keys are imported from the underlying signing system.

@jku
Copy link
Member Author

jku commented Jan 26, 2023

Did you consider adding a third code example that showcases dynamic dispatch for public key and verification?

I did... Since the application code looks exactly what it looked like before, it's not that interesting.

We of course know that the dispatch will enable GPG or sigstore keys but that's not really visible right now

@jku jku merged commit 7f04a6e into theupdateframework:develop Jan 26, 2023
@jku jku deleted the securesystemslib-blog branch December 30, 2024 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jku @coveralls @lukpueh