Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git-repo: add tuf-client-like security features to both signer and repo #41

Open
jku opened this issue Feb 24, 2023 · 0 comments
Open

git-repo: add tuf-client-like security features to both signer and repo #41

jku opened this issue Feb 24, 2023 · 0 comments
Labels
git-repo

Comments

@jku
Copy link
Owner

jku commented Feb 24, 2023

Example: if the repository is compromised and the whole metadata is replaced with something not signed by correct keys, the signer should refuse to operate (because it keeps a client-like metadata cache and the "update" from cached state fails). This could even be implemented as a fairly normal TUF client (just one that fetches metadata from the git tree)
@jku jku added the git-repo label Mar 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
git-repo
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jku