rust-tuf
Rust implementation of The Update Framework (TUF)
I don't really see a strong distinction between `MetadataPath` and `TargetPath`, and I'm not sure if `VirtualTargetPath` ought to be exposed to the user. It feels more like a `Repository`...
As part of #151, I started making rust-tuf concurrent. This means, however, that some previously safe patterns, like storing metadata both as `MetadataVersion::Number(X)` and `MetadataVersion::None` to signify it as the latest...
I noticed that inside `Client::_fetch_target` during the section we're [updating the metadata](https://github.com/heartsucker/rust-tuf/blob/d6bb132ad3eb85e0426036f91526698fc61f99dd/src/client.rs#L497-L512), we're using `MetadataVersion::None` when getting the local target metadata, but using `MetadataVersion::Hash(...)` when getting the remote target metadata....
We haven't quite figured out our rust https story on fuchsia, but one of the options we are considering is to have a dedicated service managing web requests. If that's...
This will break things when the root has `consistent_snapshot: true`.
Currently the outcomes of updating are: 1) Things are ok, we did an update. 2) Things are ok, we did not update. 3) Everything is borked and on fire. Return...
If an attacker manages to compromise the local repository (in this case only FS repos are susceptible, others may be in the future) and adds bad metadata, the client would...
I didn't *get* how `Box` worked when I wrote this, and it might be possible to clean up the type signatures by boxing a lot of the traits such as...
Since this lib relies on `ring` for crypto, it may not be possible to zero the memory directly. This should be investigated and possibly updated upstream. Tagging @briansmith since he...
For example, a repo shouldn't have to store both `root.json` and `1.root.json`, but it should smartly update a pointer. In the case of a FS repo, this should be done...