Jussi Kukkonen
Jussi Kukkonen
https://theupdateframework.readthedocs.io/en/stable/ works great and automatically updates based on release tags. But it's hard to see which release the docs are actually for... I'm not sure if the solution is to...
We already have `TargetFile.from_data() / TargetFile.from_file()` to calculate hashes and length for a target. We should optionally support hashes and length for Metafile too (but likely the API is not...
We have recently started to **not** accept microseconds in the expiry in an effort to be spec compliant. Testing ngclient against bottlerocket metadata fails because they use microseconds: https://updates.bottlerocket.aws/2020-07-07/aws-k8s-1.16/x86_64/timestamp.json *...
It would be good to have some client testing against repositories produced with other tuf implementations. I think there are two options in general (could choose one or both): *...
https://github.com/sigstore/root-signing/blob/main/repository/repository/1.root.json * expiry contains microseconds * expiry contains a timezone offset we don't consider this spec compliant and currently fail to load this metadata. Should file a bug on go-tuf...
This might be a hard issue to close but I'd like it if it was easier to follow the client update process in the logs: It's certainly already possible with...
Updater should _in some way_ support parallel downloads. This came up because I found an obscure corner in pip that does index file downloads in parallel in pip (`pip list...
```python class DerivedMetadata(Metadata): def ok(self): print("ok") md = DerivedMetadata.from_file("root.json") md.ok() # fails because md type is Metadata, not DerivedMetadata ``` This seems to happen because the construction path goes *...
From #1317: When client downloads files it does not always need them written into an actual file, often it just wants the content: providing API the returns just bytes would...
On my machine ~40% of the tests runtime (11seconds out of 27 seconds) seems to be spent on decrypting private keys. This seems unproductive. We should not encrypt the keys...