I'm currently improving #30 and adding a lot of output.
What will be missing from that PR is validation:
As part of SignerRepository.status() or in a separate SignerRepository.validate() we should go through the roles metadata and validate it: letting the user sign invalid metadata would be bad.
Examples of what to validate:
version numbers are reasonable compared to known-good-metadata
root changes match changes in root_history
keys have unique signer names
artifacts on disk match the metadata
there are enough signers/keys to reach threshold
snapshot and timestamp delegations must be identical
root must have exactly the correct delegations
delegation names should be alphanumeric
etc.
This requires careful analysis in the end, but we can also start incrementally...
Many of these validation steps we will also want on the actual repo side -- I'm not sure if this needs code sharing or not
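As an added illustration (my own sketch, not the project's code), here is how several of the checks listed above could be gathered into one validate() step that refuses metadata before it is signed. The metadata layout, the `known_good` dict and the signer names are assumed for the example; root_history and on-disk artifact checks are left out.

```python
import re
from typing import Dict, List

TOP_LEVEL = {"root", "timestamp", "snapshot", "targets"}  # root must delegate exactly these
ALNUM = re.compile(r"[A-Za-z0-9]+")


def validate(roles: Dict[str, dict], known_good: Dict[str, dict]) -> List[str]:
    """Return a list of problems; an empty list means the metadata is safe to sign."""
    errors: List[str] = []
    for name, role in roles.items():
        if not ALNUM.fullmatch(name):
            errors.append(f"{name}: role name is not alphanumeric")
        # version may stay (re-signing) or advance by one from the known-good copy
        prev = known_good.get(name, {}).get("version", 0)
        if role["version"] not in (prev, prev + 1):
            errors.append(f"{name}: version {role['version']} does not follow known-good {prev}")
        signers = [k["signer"] for k in role["keys"]]
        if len(signers) != len(set(signers)):
            errors.append(f"{name}: signer names in keys are not unique")
        if len(set(signers)) < role["threshold"]:
            errors.append(f"{name}: {len(set(signers))} signer(s) cannot reach threshold {role['threshold']}")
    delegations = roles["root"]["delegations"]
    if set(delegations) != TOP_LEVEL:
        errors.append(f"root: delegates {sorted(delegations)}, expected {sorted(TOP_LEVEL)}")
    if delegations.get("snapshot") != delegations.get("timestamp"):
        errors.append("root: snapshot and timestamp delegations differ")
    return errors


# Constructed sample metadata (hypothetical field layout, not the project's real format)
ONLINE = {"keyids": ["online"], "threshold": 1}
KNOWN_GOOD = {"root": {"version": 3}, "targets": {"version": 5}}
CANDIDATE = {
    "root": {"version": 4, "threshold": 2,
             "keys": [{"signer": "@alice", "keyid": "k1"}, {"signer": "@bob", "keyid": "k2"}],
             "delegations": {"root": {"keyids": ["k1", "k2"], "threshold": 2},
                             "targets": {"keyids": ["k1", "k2"], "threshold": 2},
                             "snapshot": ONLINE, "timestamp": ONLINE}},
    "targets": {"version": 6, "threshold": 1,
                "keys": [{"signer": "@alice", "keyid": "k1"}, {"signer": "@bob", "keyid": "k2"}]},
}
# Same root, but targets has a duplicated signer and a version jump: must be refused
BROKEN = {
    "root": CANDIDATE["root"],
    "targets": {"version": 9, "threshold": 2,
                "keys": [{"signer": "@alice", "keyid": "k1"}, {"signer": "@alice", "keyid": "k3"}]},
}

if __name__ == "__main__":
    for label, md in (("candidate", CANDIDATE), ("broken", BROKEN)):
        print(label, validate(md, KNOWN_GOOD) or "ok")
```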