Closed
Description
Description of issue or feature request:
securesystemslib was not always a library. Many of its modules and functions previously lived in the TUF repository. Unfortunately, there are still references to TUF in some of the securesystemslib comments.
Current behavior:
There are references to TUF in comments and there exist schemata that are only relevant to TUF. For example:
securesystemslib/securesystemslib/formats.py
Lines 18 to 24 in d111604
```
A central location for all format-related checking of TUF objects.
Note: 'formats.py' depends heavily on 'schema.py', so the 'schema.py'
module should be read and understood before tackling this module.
'formats.py' can be broken down into three sections. (1) Schemas and object
matching. (2) Classes that represent Role Metadata and help produce
correctly formatted files. (3) Functions that help produce or verify TUF
```
securesystemslib/securesystemslib/formats.py
Lines 326 to 334 in d111604
```python
# Version information specified in "snapshot.json" for each role available on
# the TUF repository. The 'FILEINFO_SCHEMA' object was previously listed in
# the snapshot role, but was switched to this object format to reduce the
# amount of metadata that needs to be downloaded. Listing version numbers in
# "snapshot.json" also prevents rollback attacks for roles that clients have
# not downloaded.
VERSIONINFO_SCHEMA = SCHEMA.Object(
  object_name = 'VERSIONINFO_SCHEMA',
  version = METADATAVERSION_SCHEMA)
```
Expected behavior:
TUF references in securesystemslib should be removed and TUF-related schemata relocated to the TUF repository.