python-tuf
Python reference implementation of The Update Framework (TUF)
Updater should _in some way_ support parallel downloads. This came up because I found an obscure corner in pip that does index file downloads in parallel in pip (`pip list...
The [contribution docs say](https://github.com/theupdateframework/tuf/blob/develop/docs/GOVERNANCE.md#contributions), new software features or changes must be unit tested, but the current test suite is a mix of unit-, integration-, system-, regression-, etc. tests. It would...
```python
class DerivedMetadata(Metadata):
    def ok(self):
        print("ok")

md = DerivedMetadata.from_file("root.json")
md.ok()  # fails because md type is Metadata, not DerivedMetadata
```

This seems to happen because the construction path goes *...
From #1317: When a client downloads files it does not always need them written into an actual file, often it just wants the content: providing an API that returns just bytes would...
On my machine ~40% of the tests' runtime (11 seconds out of 27 seconds) seems to be spent on decrypting private keys. This seems unproductive. We should not encrypt the keys...
**Description of issue or feature request**: In a review of a PR adding additional classes in the metadata API, @sechkova noticed that we have hardcoded the usage of JSON files...
**Description of issue or feature request**: #781 updated tuf's downloader module to use [`requests`](https://github.com/psf/requests) instead of custom networking code, to fix issues with HTTPS proxies. This change, however, deprived TUF...
We are often asked the same questions regarding delegations, how to organize TUF metadata, key management, etc. There should be an FAQ page for these sorts of questions. The [Survivable...
Which exceptions should be handled, which exceptions should be propagated to the user? When should we use custom exceptions, when should we use built-in exceptions? etc... The Google Python style-guide...
We should do what in-toto does: have the test runner output much more logging but only for failing tests. This should be especially useful for CI but also for developers....