Marina Moore

> It could be helpful if the specification explicitly delineated between these two types of requirement so that implementers can more easily make informed decisions. In many cases the delineation...

We need to update this milestone. The Notary project requirements and threat model are still under active development, so I don't think it's possible to have a release of an...

Per the [TUF design](https://github.com/notaryproject/nv2/blob/prototype-tuf/tuf-design.md#design), if we can distribute root keys that do namespaced delegations for a registry or registries, we can reduce the number of keys that need to be...

As discussed, I moved the first scenario to #96, and added a discussion of scoping to the scenario in this pr. The example may benefit from a diagram of possible...

@sudo-bmitch Thanks for the example, I think this makes it more clear what we're talking about. In this scenario, is it possible for different trusted parties, say dev and wordpress...

In that case, I think we'll need to update some of the requirements and scenarios to make it clear that Notary will no longer support tag signing. However, I worry...

Thanks @sudo-bmitch. I updated the scenarios.

Thanks for the feedback! I made some changes. I'm going to do a larger refactor that creates types for `SpecVersion` and `RepositoryVersions` pending the discussion in theupdateframework/taps#158

> Does it make sense to have each piece of ?root? metadata on a repo always contain a list of the other spec_versions of metadata that are available on that...

I updated this pr to reflect theupdateframework/taps#158, and to address the mypy type errors. There is one remaining mypy error that I can't seem to resolve, so I'd appreciate some...