Jussi Kukkonen
I think this might be a good idea, and I'm even thinking python-tuf might not have to do anything here except add the dependency: With the current state of the...
I've not reviewed properly but I'll write down some early high level worries: * we can't just change the security properties that the implementation has: previously it was not possible...
> this requires that key ids and roles do not contain any "." :eyes:
> My current motivating example for this TAP mostly involves targets rotation (like for delegated targets in a PEP 480 style design), but there are other potential uses for rotating...
> The version numbers of the rotate files don't relate to the version of the metadata, but are rather used to determine the order of the rotate files in the...
Uh you are right, my last comment doesn't make sense, sorry. The original point about the ordering still stands: * We need to choose a timestamp-rotate version to decide if...
I'd like to close this, would that be ok? I understand that this is a POC for the TAP, but looking at it from python-tuf maintainer perspective this likely requires...
I'll close this since no comments: please reopen when you feel like it.
> wait for a new securesystemslib release before we release a new python-tuf so we don't want to make a python-tuf release that depends on `securesystemslib < 0.32` first? that...
Oh this is going to be a nightmare if we allow "diamond" delegation structure (multiple roles in different delegating metadata delegating to same name)