Code Monkey home page Code Monkey logo

Comments (4)

adityasaky avatar adityasaky commented on May 18, 2024

But for this, they need to be authorized to sign the RSL entry for the policy namespace.

This is not true anymore. The validity of a policy state is strictly verified internally except for its root keys. A policy state's root keys must be trusted by the previous policy state. So we need to think about how to handle cases where targets metadata are removed. We might have to special case this a bit, handling the top level role differently from the rest, and also double check how TUF behaves. AIUI, the snapshot role allows for removing a targets role if there's a key rotation to go with it. @JustinCappos can you confirm?

from gittuf.

JustinCappos avatar JustinCappos commented on May 18, 2024

In general, the snapshot doesn't allow the removal of a targets role / metadata file, but does control which versions are available and trusted. (This is similar, but not identical to what you say above.)

I think we need to consider how to appropriately merge timestamp and snapshot into gittuf. I believe it may not be necessary to have either, but would like to discuss.

from gittuf.

adityasaky avatar adityasaky commented on May 18, 2024

The RSL state can be used to infer snapshot properties (minus, possibly, the signer making the snapshot claim). It could be as simple as setting some constraints on what targets roles a state must contain based on the previous one. This is akin to #116's changes but expanded to targets roles. If I understand correctly, in the default case a new policy state must contain all the same targets roles (identified by name) as the previous one, may introduce one or more new targets roles (identified by name), and all roles must have the same version or version + 1 as the prior state.

from gittuf.

adityasaky avatar adityasaky commented on May 18, 2024

That does, however, require us to work out how targets can be removed when the delegated role is no longer necessary. This is one of a few examples we've encountered so far where gittuf's expectations deviate from TUF's. We're never verifying historic artifacts / states using the current set of metadata in gittuf, which is largely not the case with TUF.

from gittuf.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.