Skip to content

It is probably not helpful for Timestamp to list Snapshot's hash #28

@awwad

Description

@awwad

Timestamp and Root are likely to be the two most-downloaded files on a repository. Currently, Timestamp lists information for Snapshot in a different way than Snapshot lists information for Targets and delegated targets files: timestamp lists the hash of snapshot in addition to the version number of snapshot. It is not clear that this is actually useful.

The costs to this are a few:

  • It adds size to the timestamp role file (one hash where timestamp would otherwise not contain hashes)
  • It makes the timestamp role file a little harder to read and understand.
  • It makes conceptually reconciling timestamp and snapshot definitions a bit harder for implementers / new folks.
  • It requires a bulkier and less intuitive programmatic representation (in formats.py and tuf_metadata_definitions.asn1).

Snapshot definition
Timestamp definition

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions