Justin Cappos
Justin Cappos
I'm a little concerned that if path_hash_prefixes and paths is omitted, it isn't immediately obvious by reading the resulting targets file that this should be delegating everything. I would prefer...
Thanks for the feedback / question! The timestamp role contains the hash, version, and size of the snapshot. These should either all match, or all fail together if the information...
Short answer: Yes, it is safe to only have version numbers of targets files listed in snapshot. Long answer: https://www.usenix.org/system/files/conference/atc17/atc17-kuppusamy.pdf On Thu, May 19, 2022 at 10:05 PM Erick Tryzelaar...
> Ideally, the TUF specification would be much more formal. (We should look > into a suitable language.) I'm not at all in favor of this. Clarity is good, but...
> A good name solves half the problem! Yep, using it everywhere is the most important half. Justin
I'd also flag uses of the term 'rotate' as a specific concern, especially with TAP 8 looming. We need to be very precise about what is meant.
Hmm, this is interesting. I imagine a scenario where this would happen is when you retrieve a (now very large) targets file but cannot persist it. I'm not fully sure...
Okay, I'd like to discuss this with you, @Marina Moore , and @Trishank Kuppusamy (if he has time). We had discussions about a design similar to this in the past...
Sure, how about 2PM Monday? Anything we all should read / prep for the meeting? On Fri, Apr 5, 2019 at 12:11 PM Trishank K Kuppusamy < [email protected]> wrote: >...
This is a good suggestion. We have a document like this for the automotive variant of TUF (Uptane) called the Deployment Considerations ( e.g., see part of it here: https://uptane.github.io/deployment-considerations/repositories.html...