mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
The specification, as of 1.0.16, describes an update expiration check as:

> The expiration timestamp in the trusted $ROLE metadata file MUST be
> higher than the fixed update expiration time.

Having done some research into how other security providers are comparing
expiration equivalents (i.e. OpenSSL x509 certificate checking code, and
GnuPG expiration checks), and how other TUF implementations are performing
the same check (rust-tuf, go-tuf), we came to a consensus that the correct
way to implement expiration comparisons is:

    expiration <= now

Where:

    expiration: is the metadata's expiration datetime
    now: is the current system time, or the fixed notion of time in the
         detailed client workflow (introduced in 1.0.16 of the spec)

Fixes #1231

Signed-off-by: Joshua Lock <jlock@vmware.com>

| Name |
|---|
| api |
| client |
| scripts |
| __init__.py |
| ATTACKS.md |
| developer_tool.py |
| download.py |
| exceptions.py |
| formats.py |
| keydb.py |
| log.py |
| mirrors.py |
| README-developer-tools.md |
| README.md |
| repository_lib.py |
| repository_tool.py |
| roledb.py |
| settings.py |
| sig.py |
| unittest_toolbox.py |