rust-tuf
rust-tuf copied to clipboard
theupdateframework
Should Client::new download the latest metadata?
Copying from #157. Client::new right now starts with the first metadata, but that could be years out of date for a long-lived repository. Should it instead try to download the latest version instead?
The client should store the latest metadata is has seen and use it when updating. The client should also periodically be updated to ship with recent metadata.
These actions help to prevent old keys that have been compromised from being used to attack clients.
