client: add comment to document a design choice

Add a comment documenting why we perform the root self verification in _verify_metadata_file Signed-off-by: Joshua Lock <jlock@vmware.com>
theupdateframework · Aug 10, 2020 · eab64ac · eab64ac
1 parent 6eaf194
commit eab64ac
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
@@ -1490,6 +1490,12 @@ def _verify_metadata_file(self, metadata_file_object,
  # For root metadata, verify the downloaded root metadata object with the
  # new threshold of new signatures contained within the downloaded root
  # metadata object
+ # NOTE: we perform the checks on root metadata here because this enables
+ # us to perform the check before the tempfile is persisted. Furthermore,
+ # by checking here we can easily perform the check for each download
+ # mirror. Whereas if we check after _verify_metadata_file we may be
+ # persisting invalid files and we cannot try copies of the file from other
+ # mirrors.
  if valid and metadata_role == 'root':
  valid = self._verify_root_self_signed(metadata_signable)
  if not valid: