specification
specification copied to clipboard
theupdateframework
The Update Framework specification
The specification frequently uses the terms objects, attributes and attribute-value fields. This object related terminology almost certainly reinforces the notion that JSON is the preferred/required data format. dictionary, field and...
Some of the terminology used in TUF metadata is not ideal. Given that no single rename justifies the consequential migration effort, this issue shall collect terminology pet peeves and rename...
Previously, we used to allow metadata files nested inside directories, which explains the following text in the [specification](https://github.com/theupdateframework/specification/blob/fd85a8a12403435d84e202ea8790eb4abad4559d/tuf-spec.md#4-document-formats): ``` METAFILES is an object whose format is the following: { METAPATH...
In https://github.com/php-tuf/php-tuf we are making sure we have the logic correct around terminating delegations. As we have updated our implementation of the spec from v1.0.9(the release when we started) to...
In [Document formats](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#document-formats--document-formats) the spec states that > If a backwards incompatible format change is needed, a new filename can be used. This looks like an artifact from before we...
Because signatures (at least in the preferred ed25519 mode) are deterministic products of the key and payload materials, it doesn't seem like there's a use case for more than one...
Add some additional text to each "Check for an arbitrary software attack" section describing threshold computation, in an attempt to help TUF implementers avoid falling into the trap of a...
Per the discussion in #150, it's not clear in the description of the DFS that each of the steps below 'Perform a pre-order depth-first search' must be done on each...
[TAP 4](https://github.com/theupdateframework/taps/blob/master/tap4.md) (the map file) describes how users may specify that a certain repository should be used for some targets, while other repositories are to be used for other targets....
In [Section 5.6.2 of the current spec](https://github.com/theupdateframework/specification/blob/56ef9545ea244d9c5397bce72278eb01483888d2/tuf-spec.md#5-detailed-workflows), we say: > 5.6.2. Otherwise, download the target (up to the number of bytes specified in the targets metadata), and verify that its...