libraries: make a release
tasn opened this issue · comments
We need to make a release of the libraries
Would probably need to name the libraries to specify that they only do verification.
They also do signing. How would you recommend they should be named? The plan was standard webhooks.
Wouldn't different codebases use those functions? Signing by producer, verifying by the consumer? Small modular libraries are much more preferable similar to how opentelemetry org does things.
The code has a lot of overlap, and the same dependencies (cryptography library), so I don't necessarily think splitting it is that useful. On the other hand it saves a lot of operational complexity not having yet another set of libraries.