Hi Leo, Thank you so much for your interest in packaging this! -- I've noticed that it is a dependency of containers/image for image signing, and have looked at this package before. Unfortunately, I got intimidated with the sheer number of unpackaged dependencies that it requires. Maybe this has improved since the last time I looked at it? In any case, I've decided to patch the source to disable signing functionality to avoid requiring code from sigstore, which is of course very unfortunate.
Let me know if you could use another set of eyeballs or help with this package. It surely seems intimidating (at least to me). best, -rt On Wed, Jan 18, 2023 at 3:21 PM Leo Antunes <cost...@debian.org> wrote: > Package: wnpp > Severity: wishlist > Owner: Leo Antunes <cost...@debian.org> > > * Package name : golang-github-sigstore-sigstore > Version : 1.5.1-1 > Upstream Author : The Sigstore Authors <i...@sigstore.dev> > * URL : https://github.com/sigstore/sigstore > * License : Apache-2.0 > Programming Lang: Go > Description : Common go library shared across sigstore services and > clients > > sigstore/sigstore contains common Sigstore code: that is, code shared > by infrastructure (e.g. Fulcio and Rekor) and Go language clients (e.g. > Cosign and Gitsign. > > -- regards, Reinhard
