mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Document fast-forward attack recovery
Document why deleting the timestamp and snapshot files is not needed to recover from a fast-forward attack. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
This commit is contained in:
parent
0f69f28710
commit
a31f2ecb4a
1 changed files with 5 additions and 0 deletions
|
|
@ -240,6 +240,11 @@ def root_update_finished(self):
|
|||
if self.root.signed.is_expired(self.reference_time):
|
||||
raise exceptions.ExpiredMetadataError("New root.json is expired")
|
||||
|
||||
# No need to recover from fast-forward attack here since
|
||||
# timestamp and snapshot are not loaded at this point and
|
||||
# when loaded later will be verified with the new rotated
|
||||
# keys.
|
||||
|
||||
self._root_update_finished = True
|
||||
logger.debug("Verified final root.json")
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue