awwad / uptane

Uptane, security framework for automotive updates
https://uptane.github.io/
MIT License

Demo (only) Vulnerabilities: Secondaries susceptible to endless data attack from compromised Primary #14

Closed awwad closed 7 years ago

awwad commented 7 years ago

This is probably not a problem, but it merited noting.

There's no underlying vulnerability to this in the reference implementation; it's just the demo code. The code for the demo Secondary pulls files from the demo Primary via xmlrpc and doesn't limit the size of the transfers. Since the demo Primary has already used an intelligent means of transferring images and metadata, the only vulnerability is in the case of a compromised Primary.
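Added example, not part of the original issue or of the Uptane code: one way a Python `xmlrpc.client` caller such as the demo Secondary could bound a transfer, by overriding `Transport.parse_response` so that reading stops at a byte cap. The names `BoundedTransport`, `TransferTooLarge` and `wire_budget`, the 512-byte envelope allowance, and deriving the cap from an expected file length are assumptions.

```python
import io
import xmlrpc.client


class TransferTooLarge(Exception):
    """The peer sent, or announced, more bytes than the caller allowed."""


def wire_budget(file_len, envelope=512):
    """Upper bound on the XML-RPC body for a file_len-byte Binary value."""
    b64 = 4 * ((file_len + 2) // 3)       # base64 expansion
    newlines = -(-b64 // 76)              # base64 is wrapped at 76 chars
    return b64 + newlines + envelope      # envelope: assumed slack for XML tags


class BoundedTransport(xmlrpc.client.Transport):
    """xmlrpc transport that stops reading once max_bytes is exceeded."""

    # Do not advertise gzip, so the cap is counted on the bytes being parsed.
    accept_gzip_encoding = False

    def __init__(self, max_bytes, **kwargs):
        super().__init__(**kwargs)
        self.max_bytes = max_bytes

    def parse_response(self, response):
        # Early reject on the announced size; the header is untrusted, so the
        # running count below is what actually enforces the limit.
        getheader = getattr(response, "getheader", None)
        declared = getheader("Content-Length") if getheader else None
        if declared and declared.isdigit() and int(declared) > self.max_bytes:
            raise TransferTooLarge(f"announced {declared} > {self.max_bytes}")
        parser, unmarshaller = self.getparser()
        received = 0
        while True:
            chunk = response.read(1024)
            if not chunk:
                break
            received += len(chunk)
            if received > self.max_bytes:
                raise TransferTooLarge(f"read {received} > {self.max_bytes}")
            parser.feed(chunk)
        parser.close()
        return unmarshaller.close()


if __name__ == "__main__":
    # Constructed sample: a 3000-byte "image" as an XML-RPC response body.
    image = b"A" * 3000
    body = xmlrpc.client.dumps((xmlrpc.client.Binary(image),), methodresponse=True)
    t = BoundedTransport(wire_budget(len(image)), use_builtin_types=True)
    assert t.parse_response(io.BytesIO(body.encode())) == (image,)
```

The transport is used by passing it as `transport=` to `xmlrpc.client.ServerProxy`, with the cap chosen per call from the size the caller expects.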

awwad commented 7 years ago

This issue was moved to uptane/uptane#13