Duplicate keys when re-signing a repository

theupdateframework / pep-on-pypi-with-tuf

PEP 458: Securing the Link from PyPI to the End User

The Unlicense

6 stars 2 forks source link

Duplicate keys when re-signing a repository #2

Closed free-Runner closed 10 years ago

free-Runner commented 10 years ago

Currently, a repository re-signed with the same key duplicates the key in root.txt & targets.txt. The tools should detect if the key is the same when signing and simply update the file instead of adding the duplicate key.

JustinCappos commented 10 years ago

Vlad: This is important to fix.

On Tue, Nov 19, 2013 at 7:43 PM, free-Runner notifications@github.comwrote:

Currently, a repository re-signed with the same key duplicates the key in root.txt & targets.txt. The tools should detect if the key is the same when signing and simply update the file instead of adding the duplicate key.

— Reply to this email directly or view it on GitHubhttps://github.com/theupdateframework/pep-on-pypi-with-tuf/issues/2 .

trishankkarthik commented 10 years ago

On Tue 19 Nov 2013 11:22:32 PM EST, JustinCappos wrote:

+1

Vlad: This is important to fix.

Wrong repository, @free-Runner ;) Please close this issue here and move it to the tuf repository instead.

vladimir-v-diaz commented 10 years ago

Reopening this issue here: https://github.com/theupdateframework/tuf @dachshund: You may close this issue on this repository.