Make targets expiry very long #126
Comments
|
To be clear, I intend to propose this for production too once that time comes |
|
I totally agree on changing the targets expiration to a long time. |
Isn't this repo staging?
And, importantly, no real loss in security, right? I agree with the decision to extend the expiry period of targets metadata to a long time. I think it's worth capturing the rationale somewhere in the project's documentation, as this may appear counterintuitive on first examination. |
Yeah my phrasing was not ideal: I just meant that I used the same expiry period value as snapshot since the logic for both is kind of the same: We want to sign these files but think there is no need for them to expire in our case so chose the value 10 years.
Yes, this is my understanding: There is no scenario where offline targets resigning (without key rotations) makes the repository more secure. Short documentation makes sense: it should capture at least:
|
|
This is now done. #129 exist for documenting rationale |
There's currently open signing events for both root and targets. We could just sign them ... but how about this as a plan:
This should get us the same advantages (mainly regular test for root key existence) with signing events that are smaller (so easier to review)
I will make a change in one of the open signing events to implement this: feel free to voice a differing opinion though.
CC @kommendorkapten @joshuagl @mnm678 @haydentherapper
The text was updated successfully, but these errors were encountered: