Closed KOLANICH closed 1 year ago
this is a repository tool and has to be able to work with metadata that a client considers invalid: The TUF spec should preferably describe repository operations but it does not -- and applying client workflow rules to repository processes isn't directly useful.
Specific validations may well make sense: If you have a specific suggestion, please reopen
Despite the first step of the most tuf update actions prescribes to fetch the data and validating it.