python-tuf
Python reference implementation of The Update Framework (TUF)
**Description of issue or feature request**: `requests` doesn't support HTTP/2 **Current behavior**: no `HttpxFetcher` **Expected behavior**: `HttpxFetcher` is implemented
**Current behavior**: `DownloadError: Failed to parse URL file:///` **Expected behavior**: No error.
* Remove bandit * Add ruff ruleset "flake8-bandit" * verify_release is now checked by bandit * Avoid some asserts as suggested * ignore a subprocess.run lint: it seems dumb *...
ruff linter has 50 or so [rulesets](https://docs.astral.sh/ruff/rules/) that can be enabled. Currently we enable 6 good ones, but could enable more. ### Instructions * Pick a ruleset that is not...
Use `RUFF_OUTPUT_FORMAT=github` when on GitHub: this gives inline linter annotations
tox.ini contains a call to `ruff check`. Documentation talks about `--output-format=github` option that apparently might enable inline comments in github... We should test this: * add `--output-format=github` to the "ruff...
should make a ticket about this I suppose -- or maybe more generally about testing all components with DSSE _Originally posted by @jku in https://github.com/theupdateframework/python-tuf/pull/2436#discussion_r1482795299_
yeah, the TODO feels right -- even if the serialized format is a list, that's just `list(self.signatures.values())` away if self.signatures is a dict _Originally posted by @jku in https://github.com/theupdateframework/python-tuf/pull/2436#discussion_r1482773245_
I wonder if `Repository.get_delegating_role(role: str) -> str` would be useful * In my implementations I end up looking up the delegating role of a role quite a lot. * if...
This is a checklist for evaluating python-tuf maintainer accounts and permissions. This issue is automatically opened once a year. ### Tasks 1. Update this list to include any new services...