go-tuf
go-tuf copied to clipboard
theupdateframework
Go implementation of The Update Framework (TUF)
This tracking issue is to implement [TAP 4](https://github.com/theupdateframework/taps/blob/master/tap4.md): Multiple repository consensus on entrusted targets. To implement this, I propose creating a NEW type `MultiRepositoryClient` which takes a `map.json` file. It...
This came up during a discussion related to new features for the sigstore TUF client, as there is a desire to make implementations in different languages sharing the target and...
Release Notes: - Implements full support for ECDSA and RSA key types. - When generating a key with the `gen-key` sub command, the `--type` flag can be specified to select...
Description: - The `list` command for the go-tuf client implementation might not be very useful in the long term - It’s okay to build a list with the available targets...
Once delegations are added in #175, `AddTargetsWithDigest` from #170 will need to be updated to support delegated targets roles.
There are a number of methods which may require breaking API changes to support delegations. These include: - [ ] `Repo.GetThreshold` - [ ] `Repo.SetThreshold` - [ ] `Repo.RevokeKeyWithExpires` and...
We added delegation support in #175. Now, it would be great to add support for them to the CLI. I envision something like the following: * `delegate from_role to_role namespace`...
If a user adds a delegation with a repeated name, but with different properties (e.g. Updates it), then it will catch on this error: https://github.com/theupdateframework/go-tuf/blob/355e39cb2df220fc3961396a6d0e30bcf2c9ac12/repo.go#L559-L563 @ethan-lowman-dd WDYT?
@ethan-lowman-dd @mnm678 this came up when using delegations from https://github.com/theupdateframework/go-tuf/pull/175, but also applies to root and targets: how do you deal with re-signing delegations? let's suppose no change is made...
Metadata
Owner
Metadata
Go implementation of The Update Framework (TUF)