Results 268 comments of Joshua Lock

Thanks for commenting @justincormack! If I recall context correctly, this issue was originally triggered by an observation that how we describe the TUF metadata is file-centric (i.e. in section [4....

Related issue https://github.com/theupdateframework/specification/issues/144

Another item from [this discussion](https://github.com/theupdateframework/specification/pull/150/files#r710834950) in #150:

> we should stop talking about "deleting files", or at least make that a secondary aspect: what is important is that the client...

[This comment](https://github.com/theupdateframework/specification/pull/150#issuecomment-1007282693) from @jku in #150 is especially relevant to this discussion.

Trishank shared some wisdom during a PEP 458/Warehouse integration discussion that I think is worth capturing as a recommendation in the secondary literature. Paraphrasing his advice:

> keep a pinned...

Other potential secondary literature topics:

1. how to initialise trust from a local copy of the metadata #108
2. techniques for recovering from an interrupted update #69, or how to...

Another topic to include:

* How to handle races with threshold signing theupdateframework/tuf#969

* Provide some guidance for the application-set value of Y (maximum number of new root files to download) in [5.3](https://theupdateframework.github.io/specification/v1.0.28/index.html#update-root).3 (see related issue in python-tuf https://github.com/theupdateframework/python-tuf/issues/1577)
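The comment above is about the root-metadata update loop in section 5.3 of the specification and the cap Y on how many new root versions a client will download in one update cycle. The following is an added walk-through of that loop, written for this page; it is not code from the thread, the specification, or python-tuf. Signatures are replaced by an HMAC-SHA256 stand-in with an out-of-band key table so the example runs offline on the standard library alone; a real client verifies asymmetric signatures against the public keys carried in root metadata. The chain of root versions, the key identifiers `k1`..`k5` and the Y values used are constructed for the example.

```python
"""Toy walk-through of the TUF client's root-metadata update loop (spec 5.3)
with a cap Y on how many new root versions are downloaded per update cycle.

Added example, not project code. Signatures are a stand-in: HMAC-SHA256 with a
per-key secret kept in an out-of-band key table (KEYDB), which lets the example
run offline with only the standard library. A real client verifies asymmetric
signatures against the public keys listed in the root metadata itself.
"""
import hashlib
import hmac
import json


def canonical(signed: dict) -> bytes:
    """Deterministic serialization of the 'signed' body (stand-in for canonical JSON)."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(secret: bytes, signed: dict) -> str:
    """Toy signature: HMAC over the canonical 'signed' body."""
    return hmac.new(secret, canonical(signed), hashlib.sha256).hexdigest()


def make_root(version: int, keyids: list, threshold: int) -> dict:
    """Minimal root 'signed' body carrying only the root role's keyids and threshold."""
    return {
        "_type": "root",
        "version": version,
        "expires": "2099-01-01T00:00:00Z",
        "roles": {"root": {"keyids": sorted(keyids), "threshold": threshold}},
    }


def sign_root(signed: dict, signers: dict) -> dict:
    """Metadata envelope with one signature per signing key (signers: keyid -> secret)."""
    return {"signed": signed,
            "signatures": [{"keyid": k, "sig": sign(s, signed)} for k, s in signers.items()]}


def meets_threshold(metadata: dict, role: dict, keydb: dict) -> bool:
    """True if at least role['threshold'] distinct role keys validly signed metadata['signed'].
    Signatures from keys outside the role are ignored; a repeated keyid counts once."""
    valid = set()
    for sig in metadata["signatures"]:
        keyid = sig["keyid"]
        if keyid not in role["keyids"] or keyid not in keydb:
            continue
        if hmac.compare_digest(sig["sig"], sign(keydb[keyid], metadata["signed"])):
            valid.add(keyid)
    return len(valid) >= role["threshold"]


class RootUpdateError(Exception):
    pass


def update_root(trusted: dict, fetch, keydb: dict, max_new_roots: int) -> tuple:
    """Walk the root chain from the trusted version, applying at most max_new_roots (Y) versions.

    fetch(version) returns the signed root metadata for that version, or None when the
    repository has no such version (the chain is exhausted). Expiry of the final root is
    checked by the spec after this loop and is not modelled here.
    Returns (trusted_root, number_of_versions_applied)."""
    applied = 0
    while applied < max_new_roots:
        n = trusted["signed"]["version"]
        new = fetch(n + 1)
        if new is None:
            break  # no version N+1 published: the trusted root is already the latest
        old_role = trusted["signed"]["roles"]["root"]
        new_role = new["signed"]["roles"]["root"]
        # Spec 5.3.3: version N+1 must carry a threshold of signatures from the keys
        # trusted in version N *and* from the keys it declares for itself, so a
        # rotation cannot be accepted on the strength of the new keys alone.
        if not meets_threshold(new, old_role, keydb):
            raise RootUpdateError(f"root v{n + 1} not signed by threshold of v{n} keys")
        if not meets_threshold(new, new_role, keydb):
            raise RootUpdateError(f"root v{n + 1} not signed by threshold of its own keys")
        # Spec 5.3.4: the downloaded file must be exactly version N+1 (no rollback, no skip).
        if new["signed"]["version"] != n + 1:
            raise RootUpdateError(f"expected root v{n + 1}, got v{new['signed']['version']}")
        trusted = new
        applied += 1
    return trusted, applied


# Constructed key table and root chain: v1 is 2-of-2 on k1,k2; v2 rotates to k3,k4 and is
# signed by both the old and the new key sets; v3 adds k5 and is signed by k3,k4 only.
KEYDB = {f"k{i}": f"secret-{i}".encode() for i in range(1, 6)}
V1 = sign_root(make_root(1, ["k1", "k2"], 2), {k: KEYDB[k] for k in ["k1", "k2"]})
V2 = sign_root(make_root(2, ["k3", "k4"], 2), {k: KEYDB[k] for k in ["k1", "k2", "k3", "k4"]})
V3 = sign_root(make_root(3, ["k3", "k4", "k5"], 2), {k: KEYDB[k] for k in ["k3", "k4"]})
REPO = {1: V1, 2: V2, 3: V3}

# A v2 signed only by the new keys: a client trusting v1 must refuse it.
ROGUE_V2 = sign_root(make_root(2, ["k3", "k4"], 2), {k: KEYDB[k] for k in ["k3", "k4"]})
# A body claiming version 3 served where version 2 was requested: thresholds pass, version check fails.
SKIP_TO_V3 = sign_root(make_root(3, ["k3", "k4"], 2), {k: KEYDB[k] for k in ["k1", "k2", "k3", "k4"]})


def run_scenarios() -> dict:
    """Exercise the loop under different Y values and hostile repositories."""
    out = {}
    out["full"] = update_root(V1, REPO.get, KEYDB, max_new_roots=5)[1]
    out["capped"] = update_root(V1, REPO.get, KEYDB, max_new_roots=1)[0]["signed"]["version"]
    for name, repo in (("rogue", {1: V1, 2: ROGUE_V2}), ("skip", {1: V1, 2: SKIP_TO_V3})):
        try:
            update_root(V1, repo.get, KEYDB, max_new_roots=5)
            out[name] = "accepted"
        except RootUpdateError as e:
            out[name] = str(e)
    return out


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

The `capped` scenario is the behaviour Y governs: with Y=1 the client stops at v2 even though v3 is published, and a later update cycle resumes from v2. Choosing Y therefore trades the worst-case download count per cycle against the number of cycles a long-dormant client needs to catch up on a long rotation history.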

* Repository publishing recommendations: atomic/single transaction OR bottom-up (with caveats about raciness), as discussed in #223

Section 5.4 of the [Mercury paper](https://theupdateframework.io/papers/prevention-rollback-attacks-atc2017.pdf) suggests that a package manager bundle both root and snapshot metadata in order to offer some rollback protection.