Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/develop' into merge-master-to-ex…
…periemental-client
- Loading branch information
Showing
57 changed files
with
278 additions
and
546 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# Accept metadata that includes unrecognized fields | ||
|
||
- Status: accepted | ||
- Date: 2021-04-08 | ||
|
||
Technical Story: https://github.com/theupdateframework/tuf/issues/1266 | ||
|
||
## Context and Problem Statement | ||
|
||
The current reference implementation will ignore unrecognized fields in a | ||
metadata file when loading it. | ||
This leads to the side effect that if you read a metadata file with unrecognized | ||
fields and immediately write it back to the disk, this file will be modified. | ||
|
||
Furthermore, some TAPs like: | ||
- [TAP 6](https://github.com/theupdateframework/taps/blob/master/tap6.md) | ||
- [TAP 10](https://github.com/theupdateframework/taps/blob/master/tap10.md) | ||
- [TAP 14](https://github.com/theupdateframework/taps/blob/master/tap14.md) | ||
- [TAP 15](https://github.com/theupdateframework/taps/blob/master/tap15.md) | ||
- [TAP 16](https://github.com/theupdateframework/taps/blob/master/tap16.md) | ||
|
||
are relying on that unrecognized fields will be accepted to introduce new fields | ||
to the specification without making the metadata invalid for older clients who | ||
don't recognize the field. | ||
|
||
## Decision Drivers | ||
- The TUF specification implies support for unrecognized attribute-value fields, | ||
see [Document formats](https://theupdateframework.github.io/specification/latest/#document-formats) | ||
- If we perform the following operations on a metadata file with no | ||
intermediate operations: | ||
1. read the metadata file | ||
2. write the metadata file back to the disk | ||
|
||
then, the checksum (the content) of the file must not be changed. | ||
- Flexibility to add new fields in the spec without adding breaking changes. | ||
|
||
## Considered Options | ||
- Ignore and drop unrecognized fields. | ||
- Ignore, but store unrecognized fields as an additional attribute. | ||
|
||
## Decision Outcome | ||
|
||
Chosen option: "Ignore, but store unrecognized fields as an additional | ||
attribute." | ||
The motivation for this decision is that the TUF specification already implies | ||
that we should accept unrecognized fields for backward compatibility and easier | ||
future extensibility. | ||
|
||
Additionally, it seems unacceptable to change a metadata file content just by | ||
reading and writing it back. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
The TUF specification file has been moved to https://github.com/theupdateframework/specification/blob/master/historical/tuf-spec.md | ||
The TUF specification file has been moved to https://github.com/theupdateframework/specification/blob/master/historical/tuf-spec.0.9.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,10 @@ | ||
certifi==2020.12.5 # via requests | ||
cffi==1.14.5 # via cryptography, pynacl | ||
chardet==4.0.0 # via requests | ||
cryptography==3.4.6 # via securesystemslib | ||
cryptography==3.4.7 # via securesystemslib | ||
idna==2.10 # via requests | ||
pycparser==2.20 # via cffi | ||
pynacl==1.4.0 # via securesystemslib | ||
requests==2.25.1 | ||
securesystemslib[crypto,pynacl]==0.20.0 | ||
six==1.15.0 | ||
urllib3==1.26.4 # via requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -43,4 +43,3 @@ | |
# | ||
securesystemslib[crypto, pynacl] | ||
requests | ||
six |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.