Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move TAP 8 to accepted #187

Merged
merged 3 commits into from
Apr 15, 2024
Merged

Move TAP 8 to accepted #187

merged 3 commits into from
Apr 15, 2024

Conversation

mnm678
Copy link
Contributor

@mnm678 mnm678 commented Mar 26, 2024

No description provided.

mnm678 added 2 commits March 26, 2024 08:55
@mnm678
Remove remaining references to revocation and add implementation
27e2159 
revocation has been moved ot TAP 20.

Signed-off-by: Marina Moore <[email protected]>
@mnm678
Move TAP 8 to accepted
041c2d9 
Signed-off-by: Marina Moore <[email protected]>
@mnm678 mnm678 mentioned this pull request Apr 9, 2024
Merged
@mnm678 mnm678 requested review from jkjell and lukpueh April 11, 2024 13:30
jkjell
jkjell reviewed Apr 11, 2024
View reviewed changes
Copy link
Contributor

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I'm not sure if an optional/conditional client workflow is typically documented but, I asked for my own knowledge at least. 😅

tap8.md Outdated Show resolved Hide resolved
tap8.md Show resolved Hide resolved
lukpueh
lukpueh previously approved these changes Apr 12, 2024
View reviewed changes
Copy link
Member

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

I must say though that I don't quite understand the sections about TAP 4 and TAP 3: Half of the TAP 4 section talks about mirrors, which are not related to TAP 4, and the other half is a bit vague ("repository manager must ensure that they have the same set of trusted keys after all rotations" ... who are they and why?). And the section about TAP 3 seems to describe the same rotation process as without TAP 3. Or am I missing something?

Either way, I don't think these two sections should block the TAP. The basic idea sounds reasonable to me.

Unfortunately, the POC seems outdated, but IIUC the official (and lived) TAP process does not required a full implementation before the final status.

@mnm678 @jkjell
Apply suggestions from code review
7e3d4da 
Co-authored-by: John Kjell <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
@mnm678
Copy link
Contributor Author

mnm678 commented Apr 15, 2024

Thanks for the reviews @lukpueh @jkjell! I pushed a suggested change, which dismissed the reviews. If you could re-approve this should be good to go.

@lukpueh The TAP 3 process is basically the same, that section is just describing the compatibility.

@trishankatdatadog
Copy link
Member

Thanks all for moving this long-outstanding TAP fwd.

I can't speak for @jku, but we have some reservations about the complexity this TAP adds, although we understand the value it could add to OSS package registries like PyPI, so we probably weren't the best people to review it.

Thanks again!

@mnm678 mnm678 merged commit 683cc5d into theupdateframework:master Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh approved these changes

@jkjell jkjell jkjell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mnm678 @trishankatdatadog @jkjell @lukpueh