-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TAP 6 - Include specification version in metadata #18
Conversation
README.md
Outdated
* [TAP 5: Setting URLs for roles in the root metadata file](https://github.com/theupdateframework/taps/blob/master/tap5.md) | ||
* [TAP 4: The map file](tap4.md) | ||
* [TAP 5: Setting URLs for roles in the root metadata file](tap5.md) | ||
* [TAP: 6: Include specification version in metadata](tap6.md) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extra :
?
Remove extra `:` in TAP 6 entry.
What types of change to the spec constitute a What should a client do if it sees fields defined in a What does a client that supports Does the version being in the signed portion of the metadata adequately mitigate downgrade attacks? The TAPs currently consider backwards compatibility in terms of clients that support the TAP and clients that don't. In all of those cases, the client makes decisions based on the data it sees, not the stated spec version. The motivating example is not an issue for newer clients, which ignore the deprecated field. My current thinking is that if a TAP's changes are backwards-compatible, this does not constitute a need for a version change. Most changes can probably be backwards compatible, only those that change "protocol" like order of metadata downloading or types of metadata files would need to break. Thoughts? |
I think any accepted TAP that introduces a backwards incompatibility warrants a change to the specification's major version number. That is, the
Are you asking what should a client do if the format of metadata, that's supposedly for a specific I think in this case, the client should reject the metadata as improperly formatted and raise an exception. I think the client should only reject major version numbers that it doesn't support/recognize. Metadata with varied minor version numbers should be safe to parse by the client.
See above. It shouldn't give up if it's a minor version change. However, unsupported major version numbers should be rejected and cause an exception.
I agree. Please note that this is only my opinion, and I haven't discussed them with the rest of the team. |
On Wed, Jan 25, 2017 at 5:03 PM, Vladimir Diaz ***@***.***> wrote:
What types of change to the spec constitute a spec_version change?
I think any accepted TAP that introduces a backwards incompatibility
warrants a change to the specification's major version number. That is, the
X in version number X.Y. For example, TAP 3 (multi-role delegations)
should require a change to the X. For TAP 7 (Conformance testing), the Y
would change and imply that it's a backwards compatible change to the
specification.
I agree, with the proviso that when we say "backwards compatible", we
really mean "behavior we intend to have outdated (version X.*) clients".
The rest seems good to me.
|
Okay, I will update the TAP to explain how specification version numbers change when a TAP is implemented. |
That's a good question! If we go with this behavior that @vladimir-v-diaz suggested:
then we should make sure that we never release a specification version X.Y where interpretation as if it were version X.Z (Z<Y) by a client familiar with X.Z might result in insecure or undesired behavior. In other words, regardless of whether or not the metadata "format" has changed, if the expected behavior changes in such a way that the meaning of new metadata with the same text has changed, then the major version number for the metadata must be increased, because we cannot allow an old client to misunderstand new metadata. For example, reversing the default value of terminating (used to be backtracking) from False to True, must result in a change to the specification's major version number so as to prevent old clients from misinterpreting the new metadata (They should reject it instead.). |
@JustinCappos Are you saying that a change to the spec's minor version is only backwards compatible for clients within the same major version? I originally said, "... the Y would change and imply that it's a backwards compatible change to the specification" Are you pointing out that the use of specification at the end of the sentence is unclear? |
TAPs that have been assigned a TAP number will now be merged into the "master" branch. This does not mean that the merged TAP has been accepted, only that the proposed change (with potential tweaks) is likely to be incorporated into TUF. We'll likely continue to comment on the pull request after it's been closed, so that we can easily comment on specific lines of the TAP. @endophage Thanks for submitting TAP 6! |
On Fri, May 19, 2017 at 11:32 AM, Vladimir Diaz ***@***.***> wrote:
TAPs that have been assigned a TAP number will now be merged into the
"master" branch. This does not mean that the merged TAP has been accepted,
only that the proposed change (with potential tweaks) is likely to be
incorporated into TUF.
I would say instead that merging a TAP means it is worth having a permanent
/ fixed TAP number to point to this discussion. Moving from 'draft' to
'accepted' status is what means it is likely to be merged with tweaks.
|
Initial draft of TAP 6 posted to mailing list on Oct. 6, 2016 by David Lawrence
https://groups.google.com/forum/#!topic/theupdateframework/iDdRsl-gUII