tiup icon indicating copy to clipboard operation
tiup copied to clipboard
verified publisher icon pingcap

Is it security to not update root.json first

Open nexustar opened this issue 3 years ago • 0 comments

General Question

TiUP may not follow TUF when update root.json

In manifest doc https://github.com/pingcap/tiup/blob/master/doc/design/manifest.md#deviations-from-tuf , it is not mentioned that tiup is difference whit TUF when start a update. But in https://github.com/pingcap/tiup/blob/master/doc/design/manifest.md#download-a-component-version-for-a-target ,it say we update timestamp.json first which not follow TUF.

Before #1554 ,tiup implement as TUF. After #1554 ,tiup implements as tiup doc

nexustar avatar May 11 '22 03:05 nexustar