-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] Rehome io.intoto
namespace under dev.sigstore
?
#98
Comments
If we're modifying the definition, I agree we should move it to the Sigstore package namespace. Don't feel incredibly strongly about this though, and to your second point, I'm not sure if there's a precedent we should be following. |
The changes we have made are only for code generation (i.e what package name the generated code should be in)? All other changes made it upstream I believe. I don't consider renaming the protiobuf package that important, Actually I think it can potentially benefit from staying in To keep the definition in sync, I wonder if we could do some trick with dependabot to get notified when a new release of SSL exists? |
This repository currently contains a copy of the in-toto envelope message definitions, tweaked slightly to influence code generation:
https://github.com/sigstore/protobuf-specs/blob/85dce20afb5e8ad9e170328abb7ff2e61b758958/protos/envelope.proto
These message definitions currently declare their package namespace as
io.intoto
, which is consistent with the original definition in the DSSE spec repo:https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto
Based on the conversation in #86, IMO it may make sense to change the package namespace to
dev.sigstore.intoto
or similar here:On the other hand:
package
namespace definition?CC @znewman01 @bobcallaway @haydentherapper for opinions here.
The text was updated successfully, but these errors were encountered: