Status update: - I've canceled the TUF *-v2 NEW package, prefering your advice to upgrade the existing package from v0.
- Upstream for rekor + sigstore-sigstore replied quickly that TUF v0 is deprecated for those projects, so we can patch it out. - I've uploaded sigstore-sigstore 1.8.10-2 to drop TUF. - I've uploaded rekor 1.3.6-2 to drop TUF. - I've uploaded golang-github-containers-image 5.32.2-5 to drop TUF. - Now nothing remains in Debian unstable that refers to TUF v0 any more, so I have uploaded TUF 2.0.2-1 to unstable (which will be needed by sigstore-go, and maybe other future packages). Let's hope this gently trickle down into testing so we are done with this migration... again, thanks for feedback and advice. /Simon
signature.asc
Description: PGP signature
