Open flavio opened 4 days ago
JFYI: TUF's reference implementation (written in python) has LENGTH
and HASHES
optional also for timestamp.json
I agree with you @jku, I just wanted to go soft on the initial PR to not scare the maintainers :smile:
But this change is definitely on the table if the maintainers are fine with that.
This change makes sense to me, although it has triggered a clippy warning. Unless someone disagrees, I think it might be fine to just add a clippy exception to load_snapshot
for now and we can break up the function in a later PR.
Issue #, if available:
Fixes issue https://github.com/awslabs/tough/issues/771
Description of changes:
According to the TUF specification, the
meta
attribute oftimestamp.json
must follow the same specification ofMETAFILES
. That means it has optionalLENGTH
andHASHES
.See this section of the TUF specification.
I've handled a missing
LENGTH
andHASHES
in thetimestamp.json
file using the same logic used by the library when loading targets.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.