what should clients do with multiple hash algos #174

Open
jku opened this issue Aug 26, 2024 · 0 comments
jku commented Aug 26, 2024

Some open questions not defined in spec:

  • if there are multiple hash algorithms listed for an artifact, must the client verify all of them?
  • if client only supports some of the algorithms listed, is it ok to only verify those?
  • should the client be able to use metadata that contains hash algorithms it does not support or know about (assuming hashes can be verified using known algorithms)?
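
The three questions above map onto distinct client policies. As an added example (not code from the spec, from jku, or from tuf-conformance), the sketch below runs three hypothetical policies over constructed `hashes` dictionaries to show where their results diverge; the policy names, the supported set, and the preference order are all assumptions.

```python
import hashlib
from enum import Enum

# Assumption: this hypothetical client implements exactly these algorithms.
SUPPORTED = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}
PREFERENCE = ["sha512", "sha256"]  # assumed order for STRONGEST_ONLY


class Policy(Enum):
    REQUIRE_ALL = "require_all"        # every listed algo must be known and match
    SUPPORTED_ONLY = "supported_only"  # check all known algos, skip unknown ones
    STRONGEST_ONLY = "strongest_only"  # check one preferred known algo only


def verify_hashes(data: bytes, hashes: dict, policy: Policy) -> bool:
    known = [a for a in hashes if a in SUPPORTED]
    unknown = [a for a in hashes if a not in SUPPORTED]
    if not known:
        return False  # nothing verifiable: reject under every policy
    if policy is Policy.REQUIRE_ALL and unknown:
        return False  # an unverifiable entry makes the metadata unusable
    if policy is Policy.STRONGEST_ONLY:
        known = [next(a for a in PREFERENCE if a in known)]
    # Any hash the client does check must match.
    return all(SUPPORTED[a](data).hexdigest() == hashes[a] for a in known)


def outcomes(data: bytes, hashes: dict) -> dict:
    """Result of each policy for one artifact/metadata pair."""
    return {p.value: verify_hashes(data, hashes, p) for p in Policy}


# Constructed sample artifact and metadata entries (not from any real repository).
ARTIFACT = b"constructed artifact contents"
GOOD = {a: f(ARTIFACT).hexdigest() for a, f in SUPPORTED.items()}
ONE_BAD = {**GOOD, "sha256": "0" * 64}              # sha512 right, sha256 wrong
KNOWN_PLUS_UNKNOWN = {"sha256": GOOD["sha256"], "made-up-algo": "abcd"}
ONLY_UNKNOWN = {"made-up-algo": "abcd"}

if __name__ == "__main__":
    for name, h in [("good", GOOD), ("one bad", ONE_BAD),
                    ("known + unknown", KNOWN_PLUS_UNKNOWN),
                    ("only unknown", ONLY_UNKNOWN)]:
        print(f"{name:16} {outcomes(ARTIFACT, h)}")
```

The "one bad" and "known + unknown" rows are the ones where the policies disagree, which is why a conformance test for those inputs needs the spec to pick an answer.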
jku added a commit to jku/tuf-conformance that referenced this issue Aug 26, 2024
* Spec does not clearly state what algorithms should be supported
* Test for sha256, sha512 and finally both of them
* Test an unknown hash algo as well
* Avoid testing unknown + known algo: the expected result is not clear,
  see theupdateframework#174

If we had a good "optional feature" selection we could use that for the
supported algorithms but for now I think xfail works for this case.

Signed-off-by: Jussi Kukkonen <[email protected]>
jku added a commit that referenced this issue Aug 27, 2024
* Spec does not clearly state what algorithms should be supported
* Test for sha256, sha512 and finally both of them
* Test an unknown hash algo as well
* Avoid testing unknown + known algo: the expected result is not clear,
  see #174

If we had a good "optional feature" selection we could use that for the
supported algorithms but for now I think xfail works for this case.

Signed-off-by: Jussi Kukkonen <[email protected]>