dd-trace-js

add integrity checks for remote configuration

Open vdeturckheim opened this issue 3 years ago • 5 comments

What does this PR do?

This PR introduces TUF-like integrity checks for upcoming Remote configuration updates.

vdeturckheim, Jul 29 '22 13:07

Codecov Report

Merging #2236 (289c330) into master (6ec08d6) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2236   +/-   ##
=======================================
  Coverage   93.44%   93.44%           
=======================================
  Files         218      218           
  Lines        8334     8334           
=======================================
  Hits         7788     7788           
  Misses        546      546           


codecov[bot], Jul 29 '22 13:07

Just had a chat with @vdeturckheim and I now better understand what this is all doing. However, given how critical this code is, I would say to move it to some internal module (for example packages/tuf) that we could later on convert to an external library, and add as many links as possible in comments to what this is implementing.

rochdev, Aug 01 '22 14:08

@kommendorkapten we could use tuf.js from sigstore.js in the near future 🙂

trishankatdatadog, Sep 14 '22 14:09

@cedricvanrompay-datadog @trishankatdatadog would either of you two be interested in wrapping up this PR? If not, is it safe to close?

tlhunter, Dec 20 '23 00:12

Please do not delete. We still haven't decided that integrity checks must be done in the library, but if it happens one day I want to use this PR.

simon-id, Jan 08 '24 07:01