edgelesssys / contrast

Deploy and manage confidential containers on Kubernetes
https://docs.edgeless.systems/contrast
GNU Affero General Public License v3.0

verify: verify active manifest at Coordinator #615

Closed davidweisse closed 3 months ago

davidweisse commented 3 months ago

The verify command already takes the manifest file as an input. On verify, the CLI will now check if the local manifest matches the active manifest on the Coordinator.
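The check described in the PR, as an added, self-contained example that is not Contrast's own code: the local manifest is compared byte-for-byte (via its SHA-256) against the manifest the Coordinator reports as active, and the policy documents unpacked next to it are cross-checked against the hashes the manifest references. The reduced manifest shape (a Policies map keyed by hex SHA-256 of the policy), the sample policy text and the workload names are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"sort"
)

// manifest is a hypothetical, reduced manifest for this example. Only Policies
// is modelled, assumed to map the hex SHA-256 of a policy document to the
// workloads it applies to; a real manifest carries more fields.
type manifest struct {
	Policies map[string][]string `json:"Policies"`
}

// samplePolicy is constructed input, not a real policy.
const samplePolicy = "package agent_policy\ndefault CreateContainerRequest := false\n"

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// sampleManifest builds the constructed manifest that references samplePolicy by hash.
func sampleManifest() []byte {
	m := manifest{Policies: map[string][]string{digest([]byte(samplePolicy)): {"web"}}}
	b, err := json.Marshal(m)
	if err != nil {
		panic(err)
	}
	return b
}

// verifyActiveManifest: the manifest file the caller trusts must be exactly the
// manifest the Coordinator reports as active. Raw bytes are compared (through
// their digest) rather than a canonicalised form, so a field this code does
// not model cannot differ unnoticed.
func verifyActiveManifest(local, active []byte) error {
	if want, got := digest(local), digest(active); want != got {
		return fmt.Errorf("manifest mismatch: local %s..., active at Coordinator %s...", want[:12], got[:12])
	}
	return nil
}

// checkPolicies cross-checks unpacked policy documents (name -> bytes) against
// the manifest: every referenced policy must be present with a matching hash,
// and no unreferenced policy may be present. Offending entries are returned
// sorted so the caller can report them deterministically.
func checkPolicies(manifestBytes []byte, policies map[string][]byte) ([]string, []string, error) {
	var m manifest
	if err := json.Unmarshal(manifestBytes, &m); err != nil {
		return nil, nil, fmt.Errorf("parsing manifest: %w", err)
	}
	var missing, unreferenced []string
	seen := map[string]bool{}
	for name, doc := range policies {
		h := digest(doc)
		if _, ok := m.Policies[h]; !ok {
			unreferenced = append(unreferenced, name)
			continue
		}
		seen[h] = true
	}
	for h := range m.Policies {
		if !seen[h] {
			missing = append(missing, h)
		}
	}
	sort.Strings(missing)
	sort.Strings(unreferenced)
	return missing, unreferenced, nil
}

func main() {
	local := sampleManifest()
	fmt.Println("active == local:", verifyActiveManifest(local, local))
	tampered := append(append([]byte{}, local...), '\n') // a single extra byte is enough to fail
	fmt.Println("tampered:", verifyActiveManifest(local, tampered))
	missing, unref, _ := checkPolicies(local, map[string][]byte{
		"web": []byte(samplePolicy), // referenced by the manifest
		"db":  []byte("other"),      // not referenced: flagged
	})
	fmt.Println("missing:", missing, "unreferenced:", unref)
}
```

Comparing digests of the raw bytes is deliberate: a whitespace-only difference is reported as a mismatch, which is the conservative choice for a trust decision, and the caller is expected to use the exact file that was audited.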

katexochen commented 3 months ago

I'm still confused by this change. If we have a manifest we trust, then we also already audited the policies referenced in this manifest. Why should we still write all the files on disk then and ask the user to audit it again?

burgerdev commented 3 months ago

The set command does not unpack the policies, so it is somewhat convenient to get them through verify. But I agree that we should not ask the user to audit them.

katexochen commented 3 months ago

> The set command does not unpack the policies, so it is somewhat convenient to get them through verify. But I agree that we should not ask the user to audit them.

Remember those two calls are (potentially) called from different entities! The data owner still has to review both the manifest and the policies. If the result of the verify should be "you definitely can trust this Coordinator, and no further steps are required" then we must assume the policies were also communicated out of band and the data owner already verified them (so there is no reason to output them). I think we should keep the output of files and state even more clear to the data owner what to do.