We want to document some securesystemslib classes (Key gets documented
with this change already as it's part of the metadata API).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Here is the list of all breaking API changes:
1) The "role" and "key" arguments in "Root.add_key()" are in reverse
order - "key" becomes first and "role" second.
2) "Root.remove_key()" has been renamed to "Root.revoke_key()".
3) The "role" and "keyid" arguments in "Root.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
4) The "role" and "key" arguments in "Targets.add_key()" are in reverse
order - "key" becomes first and "role" second.
5) "Targets.remove_key()" has been renamed to "Targets.revoke_key()".
6) The "role" and "keyid" arguments in "Targets.revoke_key()" are in
reverse order - "keyid" becomes first and "role" second.
7) In both methods "Targets.add_key()" and "Targets.revoke_key()" the
"role" argument becomes an optional with a default value of None.
Those changes are made in an effort to make those methods logical
for both cases when standard roles and succinct_roles are used.
The "Root" API change was done in order to preserve naming and argument
order consistency with "Targets" API.
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This blog post explains details around the use of respository
simulator, `--dump` option and test cases with expired metadata
Fixes#1885
Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
The class docstring for FetcherInterface needed to clearly state that
only _fetch() had to be implemented in it's implementation. This is
because the public API of the interface is implemented already.
Signed-off-by: Abhisman Sarkar <abhisman.sarkar@gmail.com>
Mention how to use verify_release with the recently added --sign
option to create signatures for a verified release.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Since #1971 ci and cd workflows run independently of each other,
each of them also calling the test workflow.
This patch updates RELEASE.md to match the new setup.
It also fixes a (twice) broken link.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change RELEASE.md to include instructions to trigger and review
auto release workflow (CI/CD).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
verify-release
* Builds a release from current commit
* Notifies if git describe does not match built version
* Notifies if built version is not the latest GitHub or PyPI version
* Asserts that the GitHub and PyPI release artifacts match the built
release artifacts
This should be useful after release as any developer (or a CI job) can
easily verify that the release matches the sources in git.
Note that the last checks currently fail as the 1.0 build was not
reproducible. They should succeed after next release.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
* version number is single sourced now
* Mention that using pip against test.pypi.org is unsafe
* Fix some filenames in the examples
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Minima theme by default adds all files in blog root (docs/) as links in
the header. This looks ridiculous in our case: let's just have a link to
blog front page.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Add config for GitHub Pages so that we can use it as a project blog.
* _config.yml is jekyll configuration
* index.md contains description and title for the blog main page.
* Any files matching "_posts/YYYY-MM-DD-TITLE.md" are considered posts
The Github Pages configuration only allows "/" or "/docs/" as the Jekyll
root directory: The clutter in docs/ is annoying but otherwise this is a
very easy setup.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Change docs in preparation of close v1.0.0 release.
- Remove important notice about upcoming 1.0.0 release from README
- Reword 1.0.0-ANNOUNCEMENT.md to not sound outdated after release
Co-authored-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Update README.md#Acknowledgements
- Reword to acknowledge maintainer contributions as well
- Remove names that are mentioned in maintainers document
- Remove duplicate Konstantin Andrianov
Santiago Torres-Arias, Sebastien Awwad, Trishank Kuppusamy,
Vladimir Diaz)
- Add new significant contributors
(Ivana Atanasova, Kairo de Araujo, Martin Vrachev)
Remove unmaintained AUTHORS.txt, which lists many individuals and
organisations that are/were not affiliated with 'python-tuf', but
other projects in the TUF ecosystem (Thandy, Notary, etc.) and
thus is not suited for this repository.
-> theupdateframework.io#38
Caveats:
- Significant contributors means top ~20 committers sorted by
commit count (`git shortlog -s`).
- The Acknowledgements section might miss significant contributors,
if they contributed by other means than git commits in this repo.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
As discussed in detail in #1793, maintainer-level (GitHub)
permissions should be granted to those who need them, i.e. who
actively maintain the project at the moment.
The MAINTAINERS.txt file should reflect that state.
It will be reviewed regularly (#1803), and can be changed (e.g.
reverted to a prior state) at any time as need arises.
To express our appreciation for past efforts, we might use the
Acknowledgement section of the README, and also update it
regularly.
In the case of this update: Big kudos to @awwad, @SantiagoTorres
and @sechkova for all their valuable contributions to python-tuf!
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This is an ugly hack to also resolve the link when the document is
rendered in GitHub, where it is likely to be browsed, because it is
the community standard location for a GitHub repo's contributing
docs.
Coordinate with #1849 to better separate RTD docs with GitHub docs
in the future.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Move release signature verification instructions to bottom of
install docs. The doc is short, so the section is still prominent
enough for promoting verification, but does not break the reading
flow as much anymore.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Make contributing document header sentence case for consistency
with other docs and shorten menu name in side navbar to stand out
less.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
