CLI: Limit user confusion over Rekor/Fulcio instance and state URLs #324
Comments
|
#351 is going to make this even more visible in at least a couple of places. It does things like: updater = TrustUpdater.production()
if args.ctfe_pem is not None:
ctfe_keys = [args.ctfe_pem.read()]
else:
ctfe_keys = updater.get_ctfe_keys()This happens in a place where either rekor or fulcio URL is non-default... but we end up loading production ctfe keys if none are provided by user |
|
Marking with 3.0, since we'll be able to remove a lot of these confusing state flags once we add |
|
just a thought - wouldn't it be better to call the flag |
I've seen this idea mentioned but I don't understand what exactly it would mean. I definitely don't think it's intuitively clear and would like to see the concept explained. |
At least in my English dialect, this can go either way: the "trusted root" is either the thing containing a whole bunch of trust material, or it's a single piece of trust material in a larger "trust bundle." The protobuf-specs use it in the former way (the |
|
ok that's fine, thanks 👍 |
|
This has been unblocked by upstream |
Follow-up from #323 (comment): the various CLI options that control the Fulcio and Rekor instance state aren't "all or nothing," meaning that a user might forget to pass one and end up with a confusing error somewhere deep in signing or verification (e.g., when they reach SCT verification).
This isn't dangerous, per se, but we can definitely improve the UX.
The text was updated successfully, but these errors were encountered: