specification icon indicating copy to clipboard operation
specification copied to clipboard

Published 20 hours ago verified publisher icon theupdateframework

Check timestamp/snapshot contains snapshot/targets description

Open erickt opened this issue 2 years ago • 3 comments

The timestamp.json states that the timestamp meta section MUST only contain a description of the snapshot.json file. However, updating the timestamp role does not describe when to perform this verification.

Similarly, the snapshot.json states that the snapshot meta section MUST contain a description of the targets.json file, which is also not described in updating the snapshot role.

This patch explicitly states that these checks should be performed, and that the metadata should be rejected if it is missing these entries.

erickt avatar May 19 '22 04:05 erickt

I just read through README.rst, and it looks like I was supposed to submit this against the draft branch. However that branch hasn't been touched since 2019. Should I change this to merge into that branch?

erickt avatar May 20 '22 18:05 erickt

I just read through README.rst, and it looks like I was supposed to submit this against the draft branch.

The README says:

  • For patch-type changes, pull requests may be submitted directly against the 'master' branch."

So this should be fine.

lukpueh avatar May 24 '22 12:05 lukpueh

However that branch hasn't been touched since 2019.

See #228 for an update and #229 for a request to prevent a stale draft branch in the future.

lukpueh avatar May 24 '22 12:05 lukpueh