This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

updater fails silently if current.Signed.Version < previous #9

Closed
groob opened this issue Jun 24, 2017 · 4 comments

Comments

@groob
Contributor

groob commented Jun 24, 2017

in tuf/tuf.go

This code returns an empty string every single time because I have a misconfiguration in my notary setup.
If this is not a valid state, the updater should blow up instead.

```go
	// err is declared earlier in the enclosing function (not shown here).
	var stagedPath string
	// Only stage new targets when the remote targets role is newer than the local one;
	// in every other case stagedPath stays "" and no error is returned.
	if current.Signed.Version > previous.Signed.Version {
		stagedPath, err = rs.stageTarget(current.Signed.Targets)
		if err != nil {
			return nil, "", errors.Wrap(err, "staging targets")
		}
	}
	return current, stagedPath, nil
```

@groob
Contributor Author

groob commented Jun 24, 2017

This is the actual error. (It's happening because my roots are different from what's in the mirror.)

error: "getting paths for staged packages: refreshing targets: staging targets: downloading target: target verification failed: target length is incorrect"

By the way, there's a lot of indirection happening there.

@murphybytes
Contributor

That code is looking to see if the version of the targets role that we got from notary is greater than the version we have in our local TUF repo. If the targets role from notary is the same as the targets role in our local repo, we don't return an error, and the stagedPath is an empty string because there is nothing new to download.

@groob
Contributor Author

groob commented Jun 26, 2017

> That code is looking to see if the version of the targets role that we got from notary is greater than the version we have in our local TUF repo.

Ok, but my local repo files are signed by a completely different notary server, and the target I'm looking for doesn't match what is in the remote. I had to generate brand new roots when I was setting up a test.
The current updater assumes everything in the local path is perfect; otherwise it just silently ignores the message.
Do you think there's a way to verify that the local repo files are mismatched?
If not, would you accept a debug log message there? The current state is forever silent/undetectable without removing a conditional in the code.

@groob
Contributor Author

groob commented Jun 26, 2017

I hit another edge case with this where both the previous and current version are the same according to the metadata, but there are 0 versions downloaded locally.

How can we handle the case where there have been 0 updates according to the files in repo/ but we don't have the software on the system already?
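The thread describes three states the version comparison has to distinguish: a newer remote targets role (stage it), an older remote role (a rollback, which should fail loudly rather than return an empty path), and an equal version where the targets may or may not actually be present on disk. The following is an added illustration of one way to make each of those outcomes explicit; it is not code from the updater in this repository, and the `SignedTargets` struct, the `refreshTargets` function and the injected `stage`/`localHas` callbacks are simplified, constructed stand-ins for the real metadata and download/verification logic.

```go
package main

import (
	"errors"
	"fmt"
)

// SignedTargets is a hypothetical, reduced view of the signed targets role:
// just a version number and the target file names it lists. Real TUF metadata
// also carries lengths, hashes and signatures, which are omitted here.
type SignedTargets struct {
	Version int
	Targets []string
}

// Outcome records what the refresh decided, so the caller can log it instead
// of only seeing an empty staged path.
type Outcome string

const (
	OutcomeStaged   Outcome = "staged"     // remote role newer: targets staged
	OutcomeUpToDate Outcome = "up-to-date" // same version and all targets present
	OutcomeRestaged Outcome = "restaged"   // same version but local files missing
)

// ErrRollback is returned when the remote role is older than the local one.
var ErrRollback = errors.New("remote targets version is older than local targets version")

// refreshTargets is the hypothetical replacement for the silent conditional.
// localHas reports whether a target is already installed; stage stands in for
// the real download-and-verify step so the example runs offline.
func refreshTargets(current, previous SignedTargets,
	localHas func(string) bool,
	stage func([]string) (string, error)) (Outcome, string, error) {

	switch {
	case current.Version < previous.Version:
		// An older remote role is never something to ignore quietly.
		return "", "", fmt.Errorf("refreshing targets: %w (remote %d, local %d)",
			ErrRollback, current.Version, previous.Version)
	case current.Version > previous.Version:
		path, err := stage(current.Targets)
		if err != nil {
			return "", "", fmt.Errorf("staging targets: %w", err)
		}
		return OutcomeStaged, path, nil
	}

	// Equal versions: only skip work when the listed targets really exist locally.
	var missing []string
	for _, t := range current.Targets {
		if !localHas(t) {
			missing = append(missing, t)
		}
	}
	if len(missing) == 0 {
		return OutcomeUpToDate, "", nil
	}
	path, err := stage(missing)
	if err != nil {
		return "", "", fmt.Errorf("staging missing targets %v: %w", missing, err)
	}
	return OutcomeRestaged, path, nil
}

func main() {
	// Constructed sample data: remote and local roles at the same version,
	// but nothing has been downloaded yet.
	remote := SignedTargets{Version: 3, Targets: []string{"app.tar.gz"}}
	local := SignedTargets{Version: 3}
	nothingInstalled := func(string) bool { return false }
	fakeStage := func(ts []string) (string, error) { return "/tmp/staged", nil }

	outcome, path, err := refreshTargets(remote, local, nothingInstalled, fakeStage)
	fmt.Println(outcome, path, err) // restaged /tmp/staged <nil>

	_, _, err = refreshTargets(SignedTargets{Version: 2}, local, nothingInstalled, fakeStage)
	fmt.Println(err) // rollback error, not a silent empty path
}
```

Returning an `Outcome` alongside the path gives the caller something concrete to put in the debug log that groob asks for, and the rollback branch turns the "forever silent" state into an error that surfaces immediately.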
