Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove alternative schemes for overlapping targets

Browse source
This commit is contained in:
Vladimir Diaz 2017-04-24 14:59:18 -04:00 committed by GitHub
parent 116cb39039
commit 3532fb8005
1 changed files with 10 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
docs/tuf-spec.txt
View file

@ -786,21 +786,16 @@ Version 1.0 (Draft)
"targets/foo.txt". Likewise, path pattern "foo-version-?.tgz" matches
foo-version-2.tgz" and "foo-version-a.tgz", but not "foo-version-alpha.tgz".
Several schemes exist to resolve conflicts between delegated roles that
share responsibility for overlapping target paths. One of the simplest of
such schemes is for the client to consider metadata in order of appearance
of delegations; we treat the order of delegations such that the first
delegation is trusted more than the second one, the second delegation is
trusted more than the third one, and so on. The metadata of the first
delegation will override that of the second delegation, the metadata of the
second delegation will override that of the third delegation, and so on. In
order to accommodate this scheme, the "roles" key in the DELEGATIONS object
above points to an array, instead of a hash table, of delegated roles.
Another scheme would have the clients prefer the delegated role with the
latest metadata for a conflicting target path. Similar ideas were explored
in the Stork package manager (University of Arizona Tech Report
08-04)[https://isis.poly.edu/~jcappos/papers/cappos_stork_dissertation_08.pdf].
Prioritized delegations allow clients to resolve conflicts between delegated
roles that share responsibility for overlapping target paths. To resolve
conflicts, clients must consider metadata in order of appearance of delegations;
we treat the order of delegations such that the first delegation is trusted
over the second one, the second delegation is trusted more than the third
one, and so on. Likewise, the metadata of the first delegation will override that
of the second delegation, the metadata of the second delegation will override
that of the third one, etc. In order to accommodate prioritized
delegations, the "roles" key in the DELEGATIONS object above points to an array
of delegated roles, rather than to a hash table.
The metadata files for delegated target roles has the same format as the
top-level targets.json metadata file.