Description
Before #4959, signers using Rekor via the TUF signing config were required to agree to a privacy statement, including an immutable record warning.
However, signers using Rekor via a manually-provided signing config were not required to agree to the statement.
Furthermore, #4959 requires that ALL signers with a signing config containing ANY transparency log(s) are required to agree to the statement.
For the sake of consistency, this issue proposes either:
- removing the privacy statement, or
- limiting the requirement to all signers using Rekor.
Description
Before #4959, signers using Rekor via the TUF signing config were required to agree to a privacy statement, including an immutable record warning.
However, signers using Rekor via a manually-provided signing config were not required to agree to the statement.
Furthermore, #4959 requires that ALL signers with a signing config containing ANY transparency log(s) are required to agree to the statement.
For the sake of consistency, this issue proposes either: