Bug#1085855: marked as done (ITP: timestamp-authority -- RFC3161 Timestamp Authority)

Tue, 12 Nov 2024 11:04:31 -0800 

Your message dated Tue, 12 Nov 2024 19:00:12 +0000
with message-id <e1taw7y-007pus...@fasolo.debian.org>
and subject line Bug#1085855: fixed in 
golang-github-sigstore-timestamp-authority 1.2.3-1
has caused the Debian Bug report #1085855,
regarding ITP: timestamp-authority -- RFC3161 Timestamp Authority
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1085855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085855
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <si...@josefsson.org>

* Package name    : timestamp-authority
  Version         : 1.2.3-1
  Upstream Author : sigstore
* URL             : https://github.com/sigstore/timestamp-authority
* License         : Apache-2.0
  Programming Lang: Go
  Description     : RFC3161 Timestamp Authority

 Sigstore Timestamp Authority
 .
 A service for issuing RFC 3161 timestamps
 (https://datatracker.ietf.org/doc/html/rfc3161).
 .
 Timestamps conform to the RFC 3628 policy
 (https://datatracker.ietf.org/doc/html/rfc3628). The timestamp structure
 conforms to the updates in RFC 5816
 (https://datatracker.ietf.org/doc/rfc5816).
 .
 Security model
 .
 Trusted timestamping
 (https://en.wikipedia.org/wiki/Trusted_timestamping) is a process that
 has been around for some time. It provides a timestamp record of when a
 document was created or modified.
 .
 A timestamp authority creates signed timestamps using public key
 infrastructure. The operator of the timestamp authority must secure the
 signing key material to prevent unauthorized timestamp signing.
 .
 A timestamp authority should also verify its own clock. We provide a
 configuration to periodically check the current time against well-known
 NTP sources.
 .
 Timestamping within Sigstore
 .
 Timestamps are a critical component of Rekor
 (https://github.com/sigstore/rekor), Sigstore's signature transparency
 log. Timestamps are used to verify short-lived certificates. Currently,
 the timestamp comes from Rekor's own internal clock, which is not
 externally verifiable or immutable. Using signed timestamps issued from
 timestamp authorities mitigates the risk of Rekor's clock being
 manipulated.
 .
 As a artifact signer, you can:
 .
  * Generate a signature over an artifact
  * Fetch a timestamp for that signature (more below in What to sign)
  * Upload the signature, artifact hash, and certificate to Rekor
    (hashedrekord record type)
  * Upload the timestamp to Rekor (rfc3161 record type)
        * This step is important because it makes the timestamps publicly
        auditable

I hope to maintain this package as part of Debian Go Packaging Team:

https://salsa.debian.org/go-team/packages/timestamp-authority

/Simon

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: golang-github-sigstore-timestamp-authority
Source-Version: 1.2.3-1
Done: Simon Josefsson <si...@josefsson.org>

We believe that the bug you reported is fixed in the latest version of
golang-github-sigstore-timestamp-authority, which is due to be installed in the 
Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1085...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated 
golang-github-sigstore-timestamp-authority package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 22 Oct 2024 22:53:39 +0000
Source: golang-github-sigstore-timestamp-authority
Binary: golang-github-sigstore-timestamp-authority-dev
Architecture: source all
Version: 1.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Description:
 golang-github-sigstore-timestamp-authority-dev - Sigstore RFC3161 Timestamp 
Authority (Go library)
Closes: 1085855
Changes:
 golang-github-sigstore-timestamp-authority (1.2.3-1) unstable; urgency=medium
 .
   * Initial release (Closes: #1085855)
Checksums-Sha1:
 90a07721581eebec588224117af775fb4d4e55b0 2689 
golang-github-sigstore-timestamp-authority_1.2.3-1.dsc
 04c250835bfe23026f45789d2e6b2fa16dfe9235 124907 
golang-github-sigstore-timestamp-authority_1.2.3.orig.tar.gz
 91c200e016f5d110b272a45b6f2f1bc2e1d6fa68 3128 
golang-github-sigstore-timestamp-authority_1.2.3-1.debian.tar.xz
 d948b973ac140509cf02ca1d74420cb3d9a0310d 75704 
golang-github-sigstore-timestamp-authority-dev_1.2.3-1_all.deb
 a8633e51fc98ed2da04351537b9c39b609d78454 26327 
golang-github-sigstore-timestamp-authority_1.2.3-1_amd64.buildinfo
Checksums-Sha256:
 ae0aca6e7cdf88fdbe856b85fb28aec798e374ea7955954194033300c585344c 2689 
golang-github-sigstore-timestamp-authority_1.2.3-1.dsc
 396e2ef20fe54eb8c2316b1fbd5981419026b510753bd979c692cf6db672fe77 124907 
golang-github-sigstore-timestamp-authority_1.2.3.orig.tar.gz
 6dc49944dd276e5a9369742ea3c4bc37c398ef8904066c14c83d8abcc45f46e5 3128 
golang-github-sigstore-timestamp-authority_1.2.3-1.debian.tar.xz
 07b7e68d7aea0005676c94f3a6637722aff84a6ab1e756c511e3956717f52ec7 75704 
golang-github-sigstore-timestamp-authority-dev_1.2.3-1_all.deb
 ce11408fae7ee941e73922e8eede80f5ffd3b4855452e5849b46c7d3fedf4c6e 26327 
golang-github-sigstore-timestamp-authority_1.2.3-1_amd64.buildinfo
Files:
 50e3562970c7a416f9bf0cf40984b305 2689 golang optional 
golang-github-sigstore-timestamp-authority_1.2.3-1.dsc
 1a5157999775271e37caf599df0f2489 124907 golang optional 
golang-github-sigstore-timestamp-authority_1.2.3.orig.tar.gz
 39e85c8509d3a3f4d61092cac26f1814 3128 golang optional 
golang-github-sigstore-timestamp-authority_1.2.3-1.debian.tar.xz
 96d3519bc22eb834437f5300631d223d 75704 golang optional 
golang-github-sigstore-timestamp-authority-dev_1.2.3-1_all.deb
 869eacd8966025eb520cd2fb21aec9b0 26327 golang optional 
golang-github-sigstore-timestamp-authority_1.2.3-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZxuiIhQcc2ltb25Aam9z
ZWZzc29uLm9yZwAKCRBRcisI/kdFolTNAPoDDN4z3TLnT7rNNZ2dSDNaDRovm2Se
jH66kArFRR4LUwD/arSUJMXFmhuX26rRCJesVFiMl3PAidlx4BcUp8ZcPAA=
=QDgY
-----END PGP SIGNATURE-----

Attachment: pgpWRzonXajGq.pgp
Description: PGP signature


--- End Message ---

Reply via email to