#426 started an important conversation about the scope of the Attestation Framework, and about its compatibility and composability with adjacent tools/ecosystems that interact with in-toto attestations (e.g., DSSE, sigstore). The in-toto Bundle is one such interface between different layers and ecosystems that we think needs to be revisited.
Our current thinking is that in-toto jsonl formatted Bundles are a convenient batching method for signed in-toto attestations, but otherwise shouldn't impose any other constraints on non-in-toto content that may be included (see #426 (comment) and #426 (comment)). The reasoning for this is that the transport, storage and serialization format should fall out of the scope of the Attestation Framework.
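A consumer-side illustration of the position above, added here as an example and not code from in-toto or from this issue: it reads a JSON Lines bundle, picks out DSSE envelopes whose `payloadType` is the in-toto one, and sets aside any other content instead of rejecting the bundle. The function names and the sample bundle are constructed for illustration, and signature verification is assumed to happen in a separate DSSE layer.

```python
import base64
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"

def is_dsse_envelope(obj):
    """True if obj has the three DSSE envelope fields with the expected types."""
    return (isinstance(obj, dict)
            and isinstance(obj.get("payloadType"), str)
            and isinstance(obj.get("payload"), str)
            and isinstance(obj.get("signatures"), list))

def read_bundle(text):
    """Split a JSON Lines bundle into in-toto envelopes and all other entries."""
    attestations, other = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines between entries
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON") from exc
        if is_dsse_envelope(obj) and obj["payloadType"] == IN_TOTO_PAYLOAD_TYPE:
            attestations.append(obj)
        else:
            other.append(obj)  # non-in-toto content is kept, not rejected
    return attestations, other

def statement_of(envelope):
    """Decode the payload for inspection. It is untrusted until the
    envelope's signatures have been verified by the DSSE layer."""
    return json.loads(base64.b64decode(envelope["payload"]))

def _envelope(payload_type, body):
    # Constructed sample envelope; the signature is a placeholder, not a real one.
    return json.dumps({
        "payloadType": payload_type,
        "payload": base64.b64encode(json.dumps(body).encode()).decode(),
        "signatures": [{"keyid": "constructed-key", "sig": "Y29uc3RydWN0ZWQ="}],
    })

# Constructed bundle: one in-toto envelope, one other DSSE envelope, one non-DSSE line.
SAMPLE_BUNDLE = "\n".join([
    _envelope(IN_TOTO_PAYLOAD_TYPE, {"_type": "https://in-toto.io/Statement/v1",
              "subject": [{"name": "app.tar.gz", "digest": {"sha256": "00" * 32}}],
              "predicateType": "https://example.com/constructed/v1", "predicate": {}}),
    _envelope("application/vnd.example.constructed+json", {"note": "not in-toto"}),
    json.dumps({"kind": "constructed-non-dsse-record"}),
])
```
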