Update README with an example that works #16
Conversation
Signed-off-by: Zach Steindler <[email protected]>
| $ go run cmd/sigstore-go/main.go -tufRootURL tuf-repo-cdn.sigstore.dev examples/bundle-provenance.json | ||
| Verification successful! | ||
| ``` | ||
| You can also specify a TUF root with something like `-tufRootURL tuf-repo-cdn.sigstore.dev`. | ||
|
|
||
| Alternatively, you can install a binary of the CLI like so: |
There was a problem hiding this comment.
Is this binary meant for typical users or just for testing?
There was a problem hiding this comment.
That's correct - the binary is to illustrate how to use the library, and is not intended to be fully functional like other Sigstore CLI tools (e.g. cosign).
There was a problem hiding this comment.
Do we want to make a note of that in the README?
There was a problem hiding this comment.
... of course, after I push additional language, I notice right below it we also have:
Sigstore already has a canonical Go client implementation, cosign, which was developed with a focus on container image signing/verification. It has a rich CLI and a long legacy of features and development.
sigstore-gois a more minimal and friendly API for integrating Go code with Sigstore, with a focus on the newly specified data structures in sigstore/protobuf-specs.
There was a problem hiding this comment.
I think your clarification helps - The quote does not explicitly say that sigstore-go as a CLI is discouraged.
Signed-off-by: Zach Steindler <[email protected]>
Summary
I was doing some testing with sigstore-go, and I noticed the README examples were out of date, so I think we should update them.
Release Note
NONE
Documentation
N/A