You received this message because you are subscribed to the Google Groups "The Update Framework (TUF)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to theupdateframew...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/theupdateframework/CAHYnHHanMbZ0mw%2Byi-aRb8VSf_L_5MDtvW2CWoYF0c6%3DLJPi-w%40mail.gmail.com.
Unfortunately, I won’t make the community meeting next week, so I have been looking at TAPs 13 and 15.
TAP 15 seems in a good place to move to accepted. It’s a relatively small and optional change which is an easy win for reducing the size of the top-level targets metadata when using hashed bin delegations.
I’d really like to see it accepted and implemented in python-tuf before PyPI/warehouse rolls out its TUF integration.
(I opened a minor clarity PR against the TAP https://github.com/theupdateframework/taps/pull/146)
TAP 13 I like a lot but there are still open questions (https://github.com/theupdateframework/taps/issues/137) around the mapping metadata format, whether the client can provide a top-level targets metadata file (rather than just map to repository hosted metadata), and how the TAP interacts with TAP 4. I’ve added some thoughts on these in the issue, but tl;dr I think we need to figure out how TAP 13 interacts with TAP 4 before we move TAP 13 to accepted.
I’d also really like to see a PoC for TAP 13 built on the refactored python-tuf.
VMware Open Source Technology Center