- Issue created by @effulgentsia
- Assigned to phenaproxima
- πΊπΈUnited States tedbow Ithaca, NY, USA
@phenaproxima is working on updating the summary with instructions for how to test this using TUF metadata that is available in testing on drupal.org since the production TUF metadata is not ready yet
- π¬π§United Kingdom catch
Re-titling because I keep thinking this is about the governance issue and security review, which are more or less done at this point, whereas we still need to actually add the dependency to core. Would be good to get an MR up to add it.
- πΊπΈUnited States drumm NY, US
π Manually test TUF-enabled Composer projects Active is where weβve been getting some real-world testing
I think the memory usage looks a blocker: https://github.com/php-tuf/composer-integration/issues/127
Otherwise, we havenβt seen production issues in the last few weeks. When we do see them, they are hard to debug: https://github.com/php-tuf/composer-integration/issues/128
packages.drupal.orgis TUF-enabled. For core, thedrupal/*&php-tuf/*namespaces, there ispackagist-signed.drupalcode.orgto be added as another Composer repository. Iβm guessing we might want a separate issue for adding the repository beforepackages.drupal.org