Jussi Kukkonen
The Repository interface looks like it does largely because of needs from A) `verify_delegate` and B) `sign`: Both needed to be called on a Metadata object and former event took...
Currently `Repository.do_snapshot()` and `Repository.do_timestamp()` decide whether the update is needed by looking at whether the contents are up-to-date. This bypasses one case where timestamp and snapshot are needed: when the...
This comes from #2363 / #2359 : we should make the config somehow immutable once it's been used by Updater. This should be a difficult mistake to make: ``` updater...
I'd like to have a text I can link to that explains some of the things that affect the choices in TUF repository setup and (now that we have multiple...
Our JSON serialization is basically `json.dumps(metadata_obj.to_dict(), ...).encode("utf-8")`. The `json.dumps()` return value does not end in a newline. This means any files written with this content will not end in a newline:...
`Metadata.sign()`:
```python
try:
    signature = signer.sign(bytes_data)
except Exception as e:
    raise UnsignedMetadataError("Problem signing the metadata") from e
```
The reason we're catching Exception is that we have no idea what...
This happens on every Windows build but does not show up as an overall failure since publish has been flaky. ``` Submitting coverage to coveralls.io... Traceback (most recent call last): File...
Once #2193 is merged, there is a repository module. The module is not really tested but should be. It's entirely possible that the module can't really be effectively unit tested...
Snapshot and Timestamp constructors try to be clever: `self.meta = meta if meta is not None else {"targets.json": MetaFile(1)}` and `self.snapshot_meta = snapshot_meta or MetaFile(1)` So they set the metafile...
This is not fully thought out but I'm filing so it's not forgotten. https://docs.google.com/document/d/1QWBvpwYxOy9njAmd8vpizNQpPti9rd5ugVhji0r3T4c Sigstore client wants to use TUF to download files but wants to avoid the two mandatory...