Closed jku closed 2 years ago
This seems to work just fine -- although the succinct key is now in my possession, in a real use case it would have to be in the repository.
Maybe there is a way to test that as well here? modify snapshot process so that it notices changes to any targets roles it has keys for and and tries to sign them before snapshot?
Once https://github.com/vmware-labs/repository-editor-for-tuf/pull/39 is in, we should add succinct delegations to this repo: not in top-level targets though so that old clients keep working as long as they don't ask for succinctly delegated targets.
That should work?
Then manual test that downloading these targets with ngclient (as described in README) works.