python-tuf

python-tuf copied to clipboard

**Description of issue or feature request**: Currently #1636 proposes three types of asserts for checking the state of local metadata: - `_assert_files_exist` - `_assert_content_equals` - `_assert_version_equals` These still have some...

sechkova

Can TUF be used to update offline systems, disconnected from the Internet?

7

Many of the most important computing systems, such as systems that manage root keys, or tabulate votes in elections, or secure other highly sensitive data, are kept offline and never...

nealmcb

compatibility: bottlerocket metadata uses microseconds in expiry

1

We have recently started to **not** accept microseconds in the expiry in an effort to be spec compliant. Testing ngclient against bottlerocket metadata fails because they use microseconds: https://updates.bottlerocket.aws/2020-07-07/aws-k8s-1.16/x86_64/timestamp.json *...

jku

ngclient: Test against other implementations

2

It would be good to have some client testing against repositories produced with other tuf implementations. I think there are two options in general (could choose one or both): *...

jku

compatibility: sigstore metadata expiry is incompatible

2

https://github.com/sigstore/root-signing/blob/main/repository/repository/1.root.json * expiry contains microseconds * expiry contains a timezone offset we don't consider this spec compliant and currently fail to load this metadata. Should file a bug on go-tuf...

jku

This might be a hard issue to close but I'd like it if it was easier to follow the client update process in the logs: It's certainly already possible with...

jku

**Description of issue or feature request**: After we merged #1815 I noticed multiple lines inside function docstrings are over 80 characters. Then I run a local scan with `black` (version...

MVrachev

**Description of issue or feature request**: Currently `test_updater_ng.py` is the single place where `ngclient/updater.py` is tested with an HTTP server instance serving files from the file system and not with...

sechkova

**Description of issue or feature request**: Consider different types of updates sequences that may exist in a repository and which the updater should be able to handle. Analyze their relevance...

sechkova

Updater feature request: verify chain of trust from bootstrapped root metadata

7

**Description of issue or feature request**: Context: * In order to comply with the detailed client workflow a TUF client must ship a bootstrap trusted root metadata file out-of band...

joshuagl