From 80818e9ee166c8892ad7537ddf2c65ba23ae87fb Mon Sep 17 00:00:00 2001
From: Martin Vrachev
Date: Fri, 24 Jul 2020 21:27:37 +0300
Subject: [PATCH] Clarify docstring commets about Mercury paper
Signed-off-by: Martin Vrachev
---
 tuf/repository_lib.py | 6 ++++--
 tuf/repository_tool.py | 26 ++++++++++++++++----------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
index ea14f638..fe77ad84 100644
--- a/tuf/repository_lib.py
+++ b/tuf/repository_lib.py
@@ -1561,14 +1561,16 @@ def generate_snapshot_metadata(metadata_directory, version, expiration_date,
 use_length:
 Whether to include the optional length attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
 Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
 use_hashes:
 Whether to include the optional hashes attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
 Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
index 47dcbb13..3a2f4dce 100755
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
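Review bot: In the generate_snapshot_metadata docstring in tuf/repository_lib.py, the added sentence `Default is False to save bandwidth but without losing security from rollback attacks.` asserts that rollback protection is kept without saying what provides it, and "security from rollback attacks" can be read either way. I would write `Default is False to save bandwidth; protection against rollback attacks is kept because the snapshot metadata still lists each targets metadata version.`, which is my reading of the Mercury design and should be checked against section 5.6. A further line saying what the omitted attribute would add (a download size bound for length, an integrity check for hashes) would let an operator judge when to turn it on. The same sentence is added to the Repository, create_new_repository and load_repository docstrings in tuf/repository_tool.py, so the rewording applies there too. All four docstrings begin and end outside their hunks, so this is based on the visible parameter text only.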
@@ -191,14 +191,16 @@ class Repository(object):
 use_snapshot_length:
 Whether to include the optional length attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
 Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
 use_snapshot_hashes:
 Whether to include the optional hashes attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
 Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
@@ -2918,15 +2920,17 @@ def create_new_repository(repository_directory, repository_name='default',
 use_snapshot_length:
 Whether to include the optional length attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
- Read more here:
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
+ Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
 use_snapshot_hashes:
 Whether to include the optional hashes attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
- Read more here:
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
+ Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
@@ -3025,15 +3029,17 @@ def load_repository(repository_directory, repository_name='default',
 use_snapshot_length:
 Whether to include the optional length attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
- Read more here:
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
+ Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy
 use_snapshot_hashes:
 Whether to include the optional hashes attribute for targets metadata files in the snapshot metadata.
- Default is False because of bandwidth considerations.
- Read more here:
+ Default is False to save bandwidth but without losing security
+ from rollback attacks.
+ Read more at section 5.6 from the Mercury paper:
 https://www.usenix.org/conference/atc17/technical-sessions/presentation/kuppusamy