From eab64ac944158eac5753a7898492b8d6fd9c53a9 Mon Sep 17 00:00:00 2001 From: Joshua Lock Date: Mon, 10 Aug 2020 11:35:31 +0100 Subject: [PATCH] client: add comment to document a design choice Add a comment documenting why we perform the root self verification in _verify_metadata_file Signed-off-by: Joshua Lock --- tuf/client/updater.py | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
index 574de63d34..887e0e48fb 100755
--- a/tuf/client/updater.py
+++ b/tuf/client/updater.py
@@ -1490,6 +1490,12 @@ def _verify_metadata_file(self, metadata_file_object,
 # For root metadata, verify the downloaded root metadata object with the
 # new threshold of new signatures contained within the downloaded root
 # metadata object
+ # NOTE: we perform the checks on root metadata here because this enables
+ # us to perform the check before the tempfile is persisted. Furthermore,
+ # by checking here we can easily perform the check for each download
+ # mirror. Whereas if we check after _verify_metadata_file we may be
+ # persisting invalid files and we cannot try copies of the file from other
+ # mirrors.
 if valid and metadata_role == 'root':
 valid = self._verify_root_self_signed(metadata_signable)
 if not valid:
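Review bot: The added NOTE says "if we check after _verify_metadata_file", but the comment sits inside `_verify_metadata_file`, so the reader has to infer that it means a check done by the caller once this method has returned. I would reword the last sentence to say so directly, e.g. `# mirror. If the caller checked only after _verify_metadata_file returned, an` / `# invalid root file might already be persisted and copies from other mirrors` / `# could no longer be tried.` It would also help to state the invariant being protected: a root that fails its own signature threshold must never be written to disk as trusted metadata. The `if not valid:` branch continues outside the hunk, so how a failed self-signature check is reported cannot be judged from here.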