expiration date might prevent installation #73

Open
lukpueh opened this issue Mar 22, 2023 · 3 comments
Labels
X41 Informational findings from X41 source code audit

Comments

@lukpueh
Member

lukpueh commented Mar 22, 2023

[based on the X41 specification and source code audit]

The expiration date in the layout files might prevent users from properly verifying and installing a product after that date. This might force the users of in-toto to create additional releases that offer no functional changes or use overly long expiration dates.

Solution Advice
X41 recommends to add an option to enforce a certain version counter value.

@lukpueh
Member Author

lukpueh commented Mar 22, 2023

existing solution: ITE-2

@lukpueh
Member Author

lukpueh commented Mar 22, 2023

Also note that issuing a new layout for a supply chain does not necessarily require creating a new release of the product.

@lukpueh lukpueh added the X41 Informational findings from X41 source code audit label Mar 30, 2023
@adityasaky
Member

Does the use of ITE-2 to associate layouts generally handle this? Can we close it with #75 even if expiration isn't explicitly mentioned there?
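
An added example, not part of the thread or of the in-toto code base: a pre-emptive check that flags layouts which are expired or close to their expiration date, so a new layout can be issued before users are blocked from verifying. It assumes each layout is stored as JSON with an `expires` timestamp under `signed`; the file names, dates and the `warn_days` threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample layouts; only "_type" and "expires" matter for this check.
SAMPLE_LAYOUTS = {
    "product-a.layout": json.dumps(
        {"signatures": [], "signed": {"_type": "layout", "expires": "2023-03-01T00:00:00Z"}}),
    "product-b.layout": json.dumps(
        {"signatures": [], "signed": {"_type": "layout", "expires": "2023-04-10T00:00:00Z"}}),
    "product-c.layout": json.dumps(
        {"signatures": [], "signed": {"_type": "layout", "expires": "2024-01-01T00:00:00Z"}}),
    "product-d.layout": json.dumps(
        {"signatures": [], "signed": {"_type": "layout"}}),  # expiration missing
}


def layout_expiry(raw):
    """Return the layout's expiration as a timezone-aware UTC datetime."""
    signed = json.loads(raw)["signed"]
    if signed.get("_type") != "layout":
        raise ValueError("not a layout")
    parsed = datetime.strptime(signed["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def classify(raw, now, warn_days=30):
    """Classify one layout as 'invalid', 'expired', 'expiring' or 'ok'."""
    try:
        expires = layout_expiry(raw)
    except (KeyError, TypeError, ValueError):
        return "invalid"  # unparsable, wrong type, or no usable expiration
    if expires <= now:
        return "expired"  # verification at or after this instant is expected to fail
    if expires - now <= timedelta(days=warn_days):
        return "expiring"  # time to issue a new layout
    return "ok"


def audit(layouts, now, warn_days=30):
    """Map each layout name to its status at the given point in time."""
    return {name: classify(raw, now, warn_days) for name, raw in layouts.items()}


if __name__ == "__main__":
    # Fixed reference time so the output is reproducible (constructed).
    reference = datetime(2023, 3, 22, tzinfo=timezone.utc)
    for name, status in audit(SAMPLE_LAYOUTS, reference).items():
        print(f"{name}: {status}")
```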
