Commit b534008

Update metadata version comparison rules in client workflow
The client workflow has a set of version comparison rules for how to update metadata files. The following PR addresses the differences coming from the fact that when updating not all metadata files should be treated equally.

Fixes #207 and is related to #114

Signed-off-by: Radoslav Dimitrov <[email protected]>
1 parent 2e9417b commit b534008

1 file changed

+6
-6
lines changed

tuf-spec.md

Lines changed: 6 additions & 6 deletions
@@ -1315,11 +1315,11 @@ it in the next step.
13151315
and report the signature failure.
13161316

13171317
5. **Check for a rollback attack.** The version number of the trusted
1318-
root metadata file (version N) MUST be less than or equal to the version
1318+
root metadata file (version N) MUST be less than the version
13191319
number of the new root metadata file (version N+1). Effectively, this means
13201320
checking that the version number signed in the new root metadata file is
1321-
indeed N+1. If the version of the new root metadata file is less than the
1322-
trusted metadata file, discard it, abort the update cycle, and report the
1321+
indeed N+1. If the version of the new root metadata file is less than or equal
1322+
to the version of the trusted metadata file, discard it, abort the update cycle, and report the
13231323
rollback attack.
13241324

13251325
6. Note that the expiration of the new (intermediate) root metadata
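Review bot: In step 5 the new MUST clause ("less than the version number of the new root metadata file") and the following sentence ("checking that the version number signed in the new root metadata file is indeed N+1") do not say the same thing. A strict less-than also admits N+2 and higher, while the abort condition now covers only "less than or equal". A new root whose signed version is greater than N+1 is therefore neither accepted by the "indeed N+1" sentence nor rejected by the discard rule. Suggest stating the requirement as an equality (the new version MUST be exactly N+1, otherwise discard and abort), or adding an explicit sentence on how a version above N+1 is handled. As a style point, the added line ending in "abort the update cycle, and report the" runs well past the wrap width of the surrounding lines and should be re-wrapped.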
@@ -1368,9 +1368,9 @@ it in the next step.
13681368
3. **Check for a rollback attack.**
13691369

13701370
1. The version number of the trusted timestamp metadata file, if
1371-
any, MUST be less than or equal to the version number of the new timestamp
1372-
metadata file. If the new timestamp metadata file is older than the
1373-
trusted timestamp metadata file, discard it, abort the update cycle, and
1371+
any, MUST be less than the version number of the new timestamp
1372+
metadata file. If the new timestamp metadata file is less than or equal to
1373+
the trusted timestamp metadata file, discard it, abort the update cycle, and
13741374
report the potential rollback attack.
13751375

13761376
2. The version number of the snapshot metadata file in the
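Review bot: In step 3.1 an equal version number is now treated the same as a lower one: the client must "discard it, abort the update cycle, and report the potential rollback attack". If a client can be served the same timestamp version it already trusts, for example when nothing new has been published since its last update, this wording makes that ordinary case abort the cycle and raise a rollback report. If that is intended, say so explicitly; if not, the equal case needs its own outcome separate from the rollback branch. The added sentence also compares files rather than versions ("If the new timestamp metadata file is less than or equal to the trusted timestamp metadata file"); suggest "If the version number of the new timestamp metadata file is less than or equal to that of the trusted timestamp metadata file" so it matches the MUST clause above it.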
