Currently Repository.do_snapshot() and Repository.do_timestamp() decide whether the update is needed by looking at whether the contents are up-to-date.
This bypasses one case where timestamp and snapshot are needed: when the signing keys have changed. So I guess the two methods should also check if the current metadata is verified by root.
I did not do that originally since I was hoping the methods could be self-contained and would not make assumptions about how the repository is generated/stored. This seems to be a good reason to peek at other metadata though: root should be assumed to exist and to be valid if you are calling do_snapshot/do_timestamp.
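The decision discussed in the issue above, as an added example that is not part of the original issue and is not python-tuf code: a content-only check misses an online key rotation, while also checking that the current snapshot is verified by root catches it. The dict layout, the HMAC toy signatures (a stand-in for real public-key signatures) and all function names are assumptions constructed for illustration.

```python
import hashlib, hmac, json

# Toy stand-in for real signatures: HMAC with a per-key secret (assumption;
# real TUF metadata is signed with public-key signatures).
KEYS = {"online-key-1": b"secret-1", "online-key-2": b"secret-2"}  # constructed

def toy_sign(keyid, signed):
    data = json.dumps(signed, sort_keys=True).encode()
    return hmac.new(KEYS[keyid], data, hashlib.sha256).hexdigest()

def verified_by_root(root, role, md):
    """True if md has at least `threshold` valid signatures from the keys
    that root currently delegates to `role`."""
    delegation = root["roles"][role]
    valid = set()
    for keyid in delegation["keyids"]:
        sig = md["signatures"].get(keyid)
        if sig and hmac.compare_digest(sig, toy_sign(keyid, md["signed"])):
            valid.add(keyid)
    return len(valid) >= delegation["threshold"]

def content_changed(snapshot, targets_version):
    """The content-only check the issue describes as current behaviour."""
    recorded = snapshot["signed"]["meta"]["targets.json"]["version"]
    return recorded != targets_version

def snapshot_needed(root, snapshot, targets_version):
    """Content check plus the proposed 'still verified by root' check."""
    return (content_changed(snapshot, targets_version)
            or not verified_by_root(root, "snapshot", snapshot))

def make_snapshot(keyid, targets_version):
    signed = {"_type": "snapshot", "version": 1,
              "meta": {"targets.json": {"version": targets_version}}}
    return {"signed": signed, "signatures": {keyid: toy_sign(keyid, signed)}}

def make_root(keyid, threshold=1):
    return {"roles": {"snapshot": {"keyids": [keyid], "threshold": threshold}}}

def demo():
    snapshot = make_snapshot("online-key-1", targets_version=3)
    before = snapshot_needed(make_root("online-key-1"), snapshot, 3)
    rotated_root = make_root("online-key-2")  # online key rotated in root
    content_only = content_changed(snapshot, 3)  # misses the rotation
    after = snapshot_needed(rotated_root, snapshot, 3)
    return before, content_only, after
```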
jku added a commit to jku/tuf-on-ci that referenced this issue Aug 10, 2023
We don't actually get a snapshot/timestamp when online keys rotate
(because the code sees target content has not changed).
This is likely a python-tuf bug but let's work around for now:
theupdateframework/python-tuf#2438
jku added a commit to jku/tuf-on-ci that referenced this issue Aug 11, 2023
We don't actually get a snapshot/timestamp when online keys rotate
(because the code sees target content has not changed).
This is likely a python-tuf bug but let's work around for now:
theupdateframework/python-tuf#2438