Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Metadata verification API tweaks

See original GitHub issue

I’d like the API to handle all signature/hash verifications that it can (so that there’s a single place that’s considered “reference implementation”).

I’d also like these to be consistent and easy to use correctly (and hard to use incorrectly). I’m filing this as an umbrella issue since this is harder to do bit-by-bit…

Issues:

signature verification with threshold does not exist #1306
target hash verification is not implemented #1361
metadata hash verification is not implemented #1361
it’s not obvious how to use verify() (it returns a bool but multiple people have used the API incorrectly already, assuming it raises an exception) This doesn’t mean it needs to raise: the issue could be fixed by renaming to is_verified() or even is_signed()
the amount of different exceptions from verify is obnoxious #1351

Issue Analytics

State:
Created 2 years ago
Comments:9 (8 by maintainers)

Top GitHub Comments

1reaction

sechkovacommented, May 14, 2021

* sig verification and and the sig verification with threshold creates an annoying imbalance (in first case we ask metadata if it itself is signed, in second case we plan to ask metadata if _some other_ metadata is signed with threshold of keys). Good naming helps but alternatively we could move sig verification to Key object

Do we even need metadata to both verify itself and be able to verify other metadata? I think we should stick to one of the options. If the common agreement is towards metadata.verify_delegate_threshold_of_signatures() then probably we can get by without metadata.verify as a public method and add a helper/wrapper of sslib.verify_signature() if needed.

Feels like this question links to #1306

0reactions

jkucommented, Aug 25, 2021

Looks all done to me!

Top Results From Across the Web

API Documentation for App Store & Google Play Store API

Detailed description of all methods to access metadata, search, top charts, worldwide rankings for all apps in Apple App Store and Google Play...

API Security: The Complete Guide for 2022 | Ping Identity

APIs pose a significant cyber security threat, making API security a critical priority. Learn everything you need to know about API security.

4 Design Tweaks to Improve API Operations - Nordic APIs

We've previously discussed best practices when it comes to designing an API with quality developer experience. But what will the long term ...

More about meta tag verification | Google Search Central Blog

To verify using the <meta> tag, simply click the Verify link for your site, choose Add a meta tag as the verification option,...

Meta Integration® Metadata Management (MIMM) - README

The Meta Integration® Metadata Management (MIMM) Application Server is based on the Meta Integration® Repository (MIR) for metadata storage (in a database ...