Skip to content

clarify paths vs path_hash_prefixes (once more) #200

@jku

Description

@jku

There was an attempt to clarify paths vs path_hash_prefixes use in delegations (4.5) a few months ago but it looks like the result is still not quite finished:

The "path_hash_prefixes" and "paths" attributes are OPTIONAL, if used, exactly one of them should be set.

both fields are defined as optional yet it's undefined what happens if neither is set. Currently python-tuf Metadata API is actually not spec compliant: it requires one or the other field to be set: if neither is set, that's an error.

This seems to require a spec clarification and there seem to be two possibilities:

  • spec should require either "path_hash_prefixes" or "paths" to be set OR
  • spec should define what it means if neither is set

I don't have strong opinion but would like a decision. There is an obvious use case for the latter option: If paths and path_hash_prefixes are unset, then everything is delegated:

  • This is a use case for pypi for example: they want a "targets" delegating everything to "bins".
  • There is no obvious way otherwise to delegate everything (as paths=["*"] does not delegate paths with directory separators)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions