theupdateframework / tuf-on-ci

A TUF repository and signing tool

repo: role change should "invalidate" delegated metadata #95

Open jku opened 1 year ago

jku commented 1 year ago

I think currently if a role (delegation) exists, and gets a change that makes the current delegated metadata invalid but does nothing that actually changes the metadata (like threshold is raised with no other changes), then our tooling does not notice that the repository has invalid metadata in it.

What should happen is that the signing event notices the metadata is invalid, and creates a new metadata version for that delegated role in the same signing event: this would force re-signing the delegated metadata as well.

jku commented 10 months ago

So signing_event.update_targets() could

This would force the delegated metadata signers to sign in the same signing event.

However, I'm not sure this is appropriate in every case: what if the delegated metadata is already invalid (e.g. expired) and the signers are not available? This would prevent making changes to the delegation in that situation... This might be acceptable as long as this really applies only to delegations that have changes -- this way changes to delegating metadata can't be blocked because delegated signers are not available: so we should not just test the validity of all delegated roles when delegating metadata is changed, we should only test the ones whose delegation was changed.
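The check discussed in the comments above, sketched as an added example that is not part of the original issue and is not tuf-on-ci code. `Delegation`, `is_valid`, `roles_needing_new_version` and all role names and key ids are hypothetical; signature verification is assumed to be done by a TUF library beforehand, and expiry is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    """Delegating metadata's view of one role: who may sign, and how many must."""
    keyids: frozenset
    threshold: int


def is_valid(delegation, verified_keyids):
    """True if enough *authorized* keys have a valid signature on the role."""
    return len(delegation.keyids & frozenset(verified_keyids)) >= delegation.threshold


def roles_needing_new_version(old, new, signed_by):
    """Return delegated roles that must get a new version in this signing event.

    old, new:  dict of role name -> Delegation, before and after the event.
    signed_by: dict of role name -> keyids whose signature already verified
               on that role's current metadata (assumption: checked elsewhere).
    Only delegations that changed are examined, so a role that was already
    invalid cannot block unrelated changes to the delegating metadata.
    """
    stale = []
    for role, delegation in new.items():
        if old.get(role) == delegation:
            continue  # delegation untouched: out of scope for this check
        if not is_valid(delegation, signed_by.get(role, ())):
            stale.append(role)
    return sorted(stale)


# Constructed sample data: role names and key ids are made up.
OLD = {
    "docs": Delegation(frozenset({"k1", "k2", "k3"}), 1),
    "pkgs": Delegation(frozenset({"k4", "k5"}), 2),
    "legacy": Delegation(frozenset({"k6"}), 1),
}
NEW = {
    "docs": Delegation(frozenset({"k1", "k2", "k3"}), 2),  # threshold raised only
    "pkgs": Delegation(frozenset({"k4", "k5", "k7"}), 2),  # key added, still valid
    "legacy": Delegation(frozenset({"k6"}), 1),            # unchanged, unsigned
}
SIGNED_BY = {"docs": {"k1"}, "pkgs": {"k4", "k5"}, "legacy": set()}

if __name__ == "__main__":
    print(roles_needing_new_version(OLD, NEW, SIGNED_BY))
```
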

jku commented 10 months ago

Some more notes after testing a bit: