Move the encrypted package away from go-tuf #476
Assignees
Labels
Comments
|
We may want to merge #470 before moving away from go-tuf |
5 tasks
lukehinds
added a commit
to mindersec/minder
that referenced
this issue
Jul 24, 2023
As per theupdateframework/go-tuf#476 Signed-off-by: Luke Hinds <[email protected]>
|
Closing since the code base changed and this is already moved to go-sslib. Thanks for raising this 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The encrypted package in go-tuf provides the functionality to encrypt/decrypt a given byte stream with another.
This is not relevant to the goal of the project and TUF in general. As a result, there are now projects which have go-tuf as their dependency only because of that.
In that sense, I think it would be right if this package is gradually deprecated here and moved to another project which better suits its functionality.
I'd say the https://github.com/secure-systems-lab/go-securesystemslib is a good choice.
Maybe https://github.com/sigstore/sigstore too, but I'm doubtful as sigstore uses it mostly in cosign to encrypt the keys one can generate with cosign (and if I'm not mistaken this command can be deprecated at some point).
Let's discuss what we think about that and what are the possible options 👍
The text was updated successfully, but these errors were encountered: