Jussi Kukkonen
Jussi Kukkonen
Closing for now to cleanup issue list, please reopen if you get to it later.
I'm worried this will break things downstream (at least all kinds of test suites in applications, maybe even actual application code)... so maybe not worth fixing unless someone is willing...
Alternatively if this is acceptable to these users: we could start supporting things like `If-None-Match` in our http requests... this definitely has some security implications as well, and does not...
from an API perspective this is not an issue. One option is: ```python updater = Updater(...) try: # try to load with local metadata only updater.refresh(local_cache_only=True) except ExpiredMetadataError: # load...
So I've de done two design attempts so far... 1. client config `lazy_refresh=True` -- major issue here is that it gives timestamp signer way too much power: a single timestamp...
I'll leave some comments for ngclient since I think that's the easy case: * I'm pretty happy with what is in `tuf/ngclient/__init__.py`: that really defines the public ngclient API. Defining...
Oh there was a sort of question there in the end, sorry for missing that. Either way works for me
sure, please do! * sphinx and autodoc are ... unique, so you'll likely have to experiment a bit to get results: autodoc docs are here https://www.sphinx-doc.org/en/master/usage/extensions/autodoc.html . Feel free try...
for reference my workaround looks like this when I create online roles: ```python if role == "timestamp": md = Metadata(Timestamp()) # workaround https://github.com/theupdateframework/python-tuf/issues/2307 md.signed.snapshot_meta.version = 0 else: md = Metadata(Snapshot())...
> What about None as default Can you explain more about how that is different from a 0? Is the idea that the value is something that prevents serialization from...