Release 1.0 planning #191
Comments
same from rekor: I would like to add a cloudbuild + goreleaser when we release Fulcio then I have some questions:
Subscribing myself here -- if we do add a new one I need to add it to our root
The googleca stuff needs to move to the 1.0 API
Another one that came up with the keyless attestation breakage is that Let's Encrypt has a staging endpoint for tool developers to use to test against without worrying about stuff like quota, and doesn't use the actual CA cert as the root. Given that we can't even properly test things in cosign against Fulcio pre-submit, I think this is going to be a problem for tooling developers looking to integrate with cosign/fulcio. I won't outline all of my thoughts on this here, but if folks agree that it's a worthy v1 blocker, then we should open a parallel issue to track it.
Should probably lock down the configuration prior to 1.0: #304
Not 100% sure configuration change should be a 1.0 blocker. If only because it seems like it might take some time to finish up a refactor. I discussed it a bit here: #304 (comment)
I have been thinking the same. fulcio has been operating in a stable manner for a while now. I will freeze the milestone and we can look at closing the release. cc @cpanato Let's chat on Monday about shipping.
If we need to change any configuration, maybe we can do that now and make a pre-release with deprecations and then plan the 1.0 removing the deprecations.
@cpanato as I understand, it won't be a change of flags or a non-backwards-compatible change. At the moment we have a pattern of folks making proposals to add to 1.0, but not able to do the work and so we are seeing 1.0 pushed back and a moving target. For me the most important role of fulcio is the public good instance and what we have at present, which although I am sure can be improved over time, is currently functioning well.
Ahh got it, I think I misunderstood :(
Everything here has been completed. Additional work is tracked here - https://github.com/orgs/sigstore/projects/5/views/1
The MVP is established now and other projects are leveraging fulcio, so it's time to plan for 1.0
cc @cpanato