New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: provide possibility to add custom content to signer automation #68
Comments
That might make sense. That said I'd like to resist fixing things by making them customizable until we have established that the issue can't be fixed otherwise (the cost of customizability is paid by everyone but the benefits only go to the customizer). |
From #176: There are two separate cases here:
I can see at least two potential ways to implement:
|
I think it should be with every update, I'm in favour of a bit extra "nagging" to make sure the message comes through. For larger repos with many keyholders, there is a risk that the first message is not read thoroughly. I like the idea of having two files:
I think to start with, a shared message upon failure would be enough. |
New data to support this idea: I did not realize sigstore-probers alerts sigstore on-call if it's less than 15 days until expiry of root or targets (sigstore/sigstore-probers#207): this is a fine feature but preferably we should have had that information in the signing event message so I would have known to react and not bother on-call... Would be great if we could also include the current expiry date in either the root-signing custom message or maybe preferably just the signing event default message. |
Yes, having the expiry date in the messaging is a great idea! |
Today when a signing event happens the automation prints information like:
It would be a nice feature if each repository can add custom information on what to be displayed.
A solution could support data that is either complementary or replaces the output entirely.
The text was updated successfully, but these errors were encountered: