Wipe and restart
Closed this issue · 1 comments
jku commented
I plan to nuke this repository and start over:
- plan is still for this to be a long lived TUF repository that tests/demos/etc can trust to exist in a valid state
- tuf-on-ci is the tooling I want to use for that
- Importing the current repository metadata is possible but I won't do that because
- some changes are going to be needed anyway (like succinct delegations will go away)
- I don't want to spend the time on tweaking that
So apologies for the disruption but this repository will start again with new 1.root.json today.
1607 timestamp versions and 2 years was a decent run for this version.
jku commented
My plan based on last 2 years of experience makes the key setup look a little different from a "production repo":
- root has multiple signers, threshold 1
- root threshold is kept low as
- the security is not that critical: this is not a production repo
- the keys are likely low value keys that may get lost or wiped, maintainer attention is likely fleeting
- delegated roles can have more interesting threshold setups for testing
- anyone in the TUF community who wants to add things to a live repository can become a signer