fix tests. new product advisories enhancements

This commit is contained in:
master
2026-01-25 19:11:36 +02:00
parent c70e83719e
commit 6e687b523a
504 changed files with 40610 additions and 3785 deletions


@@ -12,8 +12,11 @@ Guidance on DSSE/TUF roots, rotation, and signed time tokens.
- Verification in sealed mode uses bundled roots; no online Rekor needed.
- Rotate signing keys with overlapping validity; publish new root in next bundle.
## TUF (optional)
- If using TUF metadata, ship `root.json`, `snapshot.json`, `timestamp.json` with bundles.
## TUF (planned enhancement)
- **Current**: TUF metadata can be shipped with bundles (`root.json`, `snapshot.json`, `timestamp.json`).
- **Planned**: Full TUF client integration for dynamic trust metadata distribution.
- See: `SPRINT_20260125_001_Attestor_tuf_trust_foundation.md`
- See: `SPRINT_20260125_002_Attestor_trust_automation.md`
- In sealed mode, trust only bundled metadata; no remote refresh.
## Signed time tokens
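Review bot: The added "Planned" bullet ("Full TUF client integration for dynamic trust metadata distribution") sits directly above the unchanged sealed-mode line ("trust only bundled metadata; no remote refresh") without saying how the two interact. State explicitly that the planned client will not refresh metadata in sealed mode, so the heading change from "optional" to "planned enhancement" is not read as relaxing that rule. The two `See:` entries are bare sprint filenames with no path or link; give a repo-relative path so a reader of this guidance can locate them. The "Current" bullet lists `root.json`, `snapshot.json` and `timestamp.json` but not `targets.json`; say whether that omission is intentional.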