aboutsummaryrefslogtreecommitdiff
path: root/archive/2021-12-07--meeting-minutes
blob: 913d92a0442dae5c62a96fc17a6903d3a9d0d9cb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Date: 2021-12-07 1200 UTC
Meet: https://meet.sigsum.org/sigsum
Chair: rgdd

Agenda
	* Hello
	* Status round
	* Decisions
	* Next steps

Hello
	* rgdd
	* ln5

Status round
	* [rgdd] implemented open-ended shard interval
		* https://git.sigsum.org/sigsum/commit/?id=4ea13eb1ceee1610d9044965c1a90b6d5443518b
		* sigsum-log-go @ tag v0.3.2
	* [ln5] deployed v0.3.2 as new shard "glass-frog"
	* [ln5] made some progress on SSH signing format
		* it appears that ssh uses ed25519 without prehashing the ssh struct
		* ssh-keygen -Y only implements SHA512 for H(message), spec says SHA256 is supported
		* need: verify the above by signing with ssh-keygen, verify manually in python nacl

Decisions
	* None

Next steps
	* [rgdd] fix work packages
	* [ln5] SSH signing format (continued)
	* [ln5] sysadmin work, onboarding of new sysadmin

Other useful links
	* RFCs that are relevant for the ssh signing format proposal
		* https://datatracker.ietf.org/doc/html/rfc8709
		* https://datatracker.ietf.org/doc/html/rfc8032
	* GitHub adds support for sigstore's cosign tool
		* https://github.blog/2021-12-06-safeguard-container-signing-capability-actions/