From 3532fb800533f64484092fffa97a376ecc130c73 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 24 Apr 2017 14:59:18 -0400 Subject: [PATCH] Remove alternative schemes for overlapping targets --- docs/tuf-spec.txt | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/docs/tuf-spec.txt b/docs/tuf-spec.txt index fbc0e0b1..ad9763fc 100644 --- a/docs/tuf-spec.txt +++ b/docs/tuf-spec.txt 
@@ -786,21 +786,16 @@ Version 1.0 (Draft) "targets/foo.txt". Likewise, path pattern "foo-version-?.tgz" matches foo-version-2.tgz" and "foo-version-a.tgz", but not "foo-version-alpha.tgz". - Several schemes exist to resolve conflicts between delegated roles that - share responsibility for overlapping target paths. One of the simplest of - such schemes is for the client to consider metadata in order of appearance - of delegations; we treat the order of delegations such that the first - delegation is trusted more than the second one, the second delegation is - trusted more than the third one, and so on. The metadata of the first - delegation will override that of the second delegation, the metadata of the - second delegation will override that of the third delegation, and so on. In - order to accommodate this scheme, the "roles" key in the DELEGATIONS object - above points to an array, instead of a hash table, of delegated roles. - - Another scheme would have the clients prefer the delegated role with the - latest metadata for a conflicting target path. Similar ideas were explored - in the Stork package manager (University of Arizona Tech Report - 08-04)[https://isis.poly.edu/~jcappos/papers/cappos_stork_dissertation_08.pdf]. + Prioritized delegations allow clients to resolve conflicts between delegated + roles that share responsibility for overlapping target paths. To resolve + conflicts, clients must consider metadata in order of appearance of delegations; + we treat the order of delegations such that the first delegation is trusted + over the second one, the second delegation is trusted more than the third + one, and so on. Likewise, the metadata of the first delegation will override that + of the second delegation, the metadata of the second delegation will override + that of the third one, etc. In order to accommodate prioritized + delegations, the "roles" key in the DELEGATIONS object above points to an array + of delegated roles, rather than to a hash table. 
The metadata files for delegated target roles has the same format as the top-level targets.json metadata file.
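Review bot: The added paragraph makes ordering normative ("clients must consider metadata in order of appearance of delegations") but does not say what a client does when an earlier delegation matches the target path and its metadata does not list the target. Since this patch removes the alternative schemes and leaves ordering as the only conflict-resolution rule, state explicitly whether the client falls through to the next delegated role or stops at that point. The new wording is also inconsistent within one sentence: "trusted over the second one" against "trusted more than the third one", and "and so on" against "etc."; pick one phrasing for each. Because the "roles" array order now carries the trust decision, a sentence saying that tools rewriting the metadata must preserve that order would help implementers.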