From 936bc04738f7121030336e77c1c28e90818caef3 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Fri, 1 Sep 2023 15:52:30 +0300
Subject: [PATCH] Spx: Make SpxKey not part of default keyset

Clients that want to enable SPHINCS keys can easily do that with
KEY_FOR_TYPE_AND_SCHEME[("sphincs", "sphincs-shake-128s")]: SpxKey
This makes Spx and Sigstore behave similarly.
---
 securesystemslib/signer/__init__.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/securesystemslib/signer/__init__.py b/securesystemslib/signer/__init__.py
index 2ededf4c..6f8afbcc 100644
--- a/securesystemslib/signer/__init__.py
+++ b/securesystemslib/signer/__init__.py
@@ -38,6 +38,10 @@
 }
 )

+# Signers with currently unstable metadata formats, not supported by default:
+# SigstoreSigner,
+# SpxSigner (also does not yet support private key uri scheme)
+
 # Register supported key types and schemes, and the Keys implementing them
 KEY_FOR_TYPE_AND_SCHEME.update(
 {
@@ -54,9 +58,12 @@
 ("rsa", "rsa-pkcs1v15-sha256"): SSlibKey,
 ("rsa", "rsa-pkcs1v15-sha384"): SSlibKey,
 ("rsa", "rsa-pkcs1v15-sha512"): SSlibKey,
- ("sphincs", "sphincs-shake-128s"): SpxKey,
 ("rsa", "pgp+rsa-pkcsv1.5"): GPGKey,
 ("dsa", "pgp+dsa-fips-180-2"): GPGKey,
 ("eddsa", "pgp+eddsa-ed25519"): GPGKey,
 }
 )
+
+# Keys with currently unstable metadata formats, not supported by default:
+# ("sphincs", "sphincs-shake-128s"): SpxKey,
+# ("sigstore-oidc", "Fulcio"): SigstoreKey,
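Review bot: The comment added after the closing `)` of `KEY_FOR_TYPE_AND_SCHEME.update(...)` in the second hunk lists the two opt-in keys as dict entries, but it does not show the statement that enables them or say what a caller sees once the sphincs entry is gone. Presumably key loading now rejects `("sphincs", "sphincs-shake-128s")` keys found in existing metadata, which should be confirmed and stated in the comment or a changelog entry. I would add a line such as `# Opt in from application code before loading metadata: KEY_FOR_TYPE_AND_SCHEME[("sphincs", "sphincs-shake-128s")] = SpxKey`, and note that the registry is a module-level dict, so the assignment widens the accepted key types for everything in the process that uses it. The commit message writes the same opt-in with `:` where an assignment needs `=`. The diffstat shows no test file, so a test asserting that the default keyset lacks the sphincs entry and that registering it restores loading would pin the new behaviour.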