Hi,
I have two issues, where in particular I would value Simon's feedback,
but I think they could be of general interest.
1. We're considering adding an optional context hash to leaf signatures,
outlined in
https://git.glasklar.is/sigsum/project/documentation/-/merge_requests/125.
This brings more flexibility, but also some new ways to misconfigure
stuff.
We'll discuss this again on Tuesday's Sigsum weekly. If you have
feedback before then, that would be very nice. That's rather short
notice, though, so if you want to read and think about it and provide
feedback later, please say so now. It would be nice to wrap up
discussion and come to a decision, but it's not urgent.
2. Elias noticed that the --version option doesn't work as expected for
the sigsum-go tools in debian. See
https://git.glasklar.is/sigsum/core/sigsum-go/-/issues/150
I think we need additional hooks to make this easy to set
appropropriately in the packaging. Suggestions on how to do this in a
good way is appreciated. It would be nice if we could get this improved
for the next sigsum-go release, which will likely happen in a week or
two.
Regards,
/Niels
