
The Update Framework specification

Results 87 specification issues

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.2.0 to 4.3.0. Release notes Sourced from actions/setup-python's releases. v4.3.0 Update @​actions/core to 1.10.0 version #517 Update @​actions/cache to 3.0.4 version #499 Only use github.token on github.com...

dependencies

https://github.com/sigstore/root-signing/pull/376#discussion_r971886294 @kommendorkapten brought up this issue during a change where we used to serve canonicalized repository metadata, and just now switched to normal `encoding/json`. This technically changes the bytes that...

The repository operations section of the specification should make it crystal clear when the [`VERSION`](https://theupdateframework.github.io/specification/latest/#role-version) in metadata should be increased. This has come up recently for two repository implementations: 1....

In the [root.json](https://theupdateframework.github.io/specification/latest/#file-formats-root) part of the spec, it states that it is required to have a role defined for `root`, `targets`, `snapshot`, `timestamp`, and optionally `mirror`. However in the section...

Add TUF JSON schema files. These schema files were produced as part of Datadog agent integration testsuite (additionally adjusted to remove Datadog specific parts) and have not been reviewed yet...

TUF is supposed to be about crypto agility (vs what I call "crypto rigidity"), but unfortunately, the specification currently falls somewhere in the middle. Some cryptosystems are deliberately simple so...

enhancement
help wanted

Bumps [actions/checkout](https://github.com/actions/checkout) from 3df4ab11eba7bda6032a0b82a6bb43b11571feac to aadec899646c8e0f34c52d9219c2faac36626b55. Changelog Sourced from actions/checkout's changelog. Changelog v4.1.0 Add support for partial checkout filters v4.0.0 Support fetching without the --progress option Update to node20 v3.6.0...

dependencies

This PR adds explicit examples of targets that are not matched by a wildcard. It also adds a note warning users that incorrect assumptions about wildcard behavior can potentially lead...

This is to start a conversation. I am hoping to nerd snipe someone who has the relevant knowledge into doing something I don't know how to do. I think it...

The first-party [create-release](https://github.com/actions/create-release) GitHub Action we are using has been archived since Mar 4, 2021. We should switch over to a _third-party_ maintained action, the [create-release README](https://github.com/actions/create-release#readme) suggests a few...

automation