-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
repository: Tweak snapshot/timestamp triggers #2438
Comments
jku
added a commit
to jku/tuf-on-ci
that referenced
this issue
Aug 10, 2023
We don't actually get a snapshot/timestamp when online keys rotate (because the code sees target content has not changed). This is likely a python-tuf bug but let's workaround for now: theupdateframework/python-tuf#2438
jku
added a commit
to jku/tuf-on-ci
that referenced
this issue
Aug 11, 2023
We don't actually get a snapshot/timestamp when online keys rotate (because the code sees target content has not changed). This is likely a python-tuf bug but let's workaround for now: theupdateframework/python-tuf#2438
Working on it. Thank you 👍 |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently
Repository.do_snapshot()
andRepository.do_timestamp()
decide whether the update is needed by looking at whether the contents are up-to-date.This bypasses one case where timestamp and snapshot are needed: when the signing keys have changed. So I guess the two methods should also check if the current snapshot/timestamp metadata is verified by root.
I did not do that originally since I was hoping the methods could be self contained and would not make assumptions about how the repository is generated/stored. This seems to be a good reason to peek at other metadata though: root should be assumed to exist and to be valid if you are calling do_snapshot/do_timestamp
The text was updated successfully, but these errors were encountered: