How to perform modifications on bins handled by succinct hash bin delegations?
Description of issue or feature request:
Currently, I am working to support succinct hash bin delegation as described in TAP 15 in Repository Editor for TUF.
Repository Editor for TUF is a CLI tool that tests the usability of the public API calls provided by python-tuf while also providing a good hands-on visualization approach to learn about python-tuf and the TUF specification as a whole.
While working on it I came up with the following question:
how do we want to approach changes related to delegated bins represented by the succinct_roles dictionary inside a targets role?
For example, what should we do when a user wants to do the following in a bin metadata file:
- add/remove a new key
- change threshold
- bump expiry
- add/remove a target
- add/remove/edit delegation
- bump version
I want to discuss it with everyone who is interested, but would especially love to hear the opinions of the maintainers.
Issue Analytics
- State:
- Created a year ago
- Comments:5 (3 by maintainers)
Top GitHub Comments
Sounds right to me, and I would even say that, in terms of metadata update chains, there is nothing special about hash bin delegation when compared to any other delegation. This means whenever you change the keys or thresholds in delegating metadata (root or targets), you likely want to re-sign the delegated metadata, if you control the signing keys, which should always be true for hash bin delegation.
And you are right, 3 to 6 shouldn't affect the delegating role, but they do usually entail a chain of updates in snapshot and timestamp. I left a similar comment a while ago in https://github.com/theupdateframework/python-tuf/issues/958#issuecomment-553830755
Good question. I think that anything that is included in the succinct_roles definition should be changed with Targets API calls, like the ones you show above. But something that only affects one bin (like adding a target) can be handled directly by that bin, just like a normal role adding a target.
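
The update chains described in the comments above, as an added planning sketch (not code from the issue, its commenters, or python-tuf, and not using the python-tuf API): it maps each change kind from the issue's list to the roles that have to be written and signed, in order. The change-kind identifiers and function names are hypothetical, and the bin lookup assumes the TAP 15 scheme (leading `bit_length` bits of the SHA-256 of the target path, zero-padded hex suffix).

```python
import hashlib

# Change kinds from the issue's list (hypothetical identifiers, not python-tuf names).
DELEGATION_CHANGES = {"add_key", "remove_key", "change_threshold"}
BIN_CHANGES = {"bump_expiry", "add_target", "remove_target",
               "edit_delegation", "bump_version"}


def _bin_name(name_prefix, bit_length, index):
    # Hex suffix is zero-padded to the width of the highest bin number.
    width = len(f"{2 ** bit_length - 1:x}")
    return f"{name_prefix}-{index:0{width}x}"


def bin_names(name_prefix, bit_length):
    """Names of all 2**bit_length bins covered by one succinct_roles entry."""
    return [_bin_name(name_prefix, bit_length, i) for i in range(2 ** bit_length)]


def bin_for_target(path, name_prefix, bit_length):
    """Bin responsible for a target path (assumed TAP 15 scheme)."""
    if not 1 <= bit_length <= 32:
        raise ValueError("bit_length must be in 1..32")
    digest = hashlib.sha256(path.encode("utf-8")).digest()
    index = int.from_bytes(digest[:4], "big") >> (32 - bit_length)
    return _bin_name(name_prefix, bit_length, index)


def update_plan(change, delegator, name_prefix, bit_length, bin_role=None):
    """Ordered (role, action) pairs to write and sign for one change."""
    bins = bin_names(name_prefix, bit_length)
    if change in DELEGATION_CHANGES:
        # Keys and threshold live in the delegator's succinct_roles and apply
        # to every bin, so every bin is re-signed under the new definition.
        steps = [(delegator, "edit succinct_roles, bump version, sign")]
        steps += [(b, "re-sign") for b in bins]
    elif change in BIN_CHANGES:
        if bin_role not in bins:
            raise ValueError(f"{bin_role!r} is not a bin of {name_prefix!r}")
        # Only this bin's own metadata changes; the delegator is untouched.
        steps = [(bin_role, "edit, bump version, sign")]
    else:
        raise ValueError(f"unknown change kind: {change!r}")
    # New role versions are recorded in snapshot, and the new snapshot in timestamp.
    return steps + [("snapshot", "update meta, bump version, sign"),
                    ("timestamp", "update snapshot meta, bump version, sign")]
```

For a target change, pass the result of `bin_for_target()` as `bin_role` so the edit lands in the bin that clients will actually consult for that path.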