Jussi Kukkonen
Jussi Kukkonen
another related issue is including microseconds -- my reading is that they are not allowed as the format string is specified: > The expected format of the combined date and...
I realize the following is not useful to solve the problem that we have now but I'll say this to any future developers thinking of a similar workaround: _Redefining an...
> I'll leave it to @jku since he's best suited to review this one Sorry, I'm unlikely to have a real look in the next weeks.
For the record, I'm not suggesting go-tuf should necessarily reject "X.Y" in existing metadata, I'm suggesting go-tuf probably should not create new metadata with "X.Y": this seems not specification compliant....
My current thinking is that we should define two levels of _trusted metadata_: * **trusted in the interim**: metadata that fulfills all requirements for being trusted (as now defined in...
Just to document the issues with rollback checks: the intent seems to be that * expired timestamp can be used to do rollback checks on new timestamp * expired snapshot...
This idea is close, but not the same, as the one we've been talking about with regards to pip: * Pip install will contain an initial copy of the metadata...
Call me cynical but I'm doubtful that generic defenses work in practice here -- one persons flaky mobile connection is another persons slow retrieval attack. I think the ideas are...
I agree with this (as you can see in python-tuf I'd like to internally handle signatures as a dict for same reasons). > New: > ``` > "signatures": [ >...
> > Can someone explain why there need to be these rules about which metadata needs to be deleted in which rotation cases... or have I misunderstood something? > >...