It would be useful to cache TUF metadata and the downloaded artifacts: * less downloading is better for everyone * cached metadata is slightly more secure In practice this would mean mean using https://github.com/actions/cache with the sigstore application data dir and cache dir (or at least the tuf relevant subdirs) as the cache paths. It would make sense to verify that the cache is getting used with some debug logging in the self test (I'm assuming the default logging doesn't show this). I'm filing this now so I don't forget: I'll likely take a stab at this later myself if no-one has implemented by then