You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
initRoots initializes a TUF environment and will update the target metadata if expired. The results of initRoots are persisted in a singleton to prevent repeated lookups of the certificates from the local TUF repo. The issue is that the TUF metadata may expire, but the singleton will prevent fetching the potentially-updated Fulcio roots.
I'd propose removing the singleton and always read from the TUF metadata. Alternatively the TUF client could persist the certificates and update its copy when the TUF metadata expires.
The text was updated successfully, but these errors were encountered:
initRoots
initializes a TUF environment and will update the target metadata if expired. The results ofinitRoots
are persisted in a singleton to prevent repeated lookups of the certificates from the local TUF repo. The issue is that the TUF metadata may expire, but the singleton will prevent fetching the potentially-updated Fulcio roots.I'd propose removing the singleton and always read from the TUF metadata. Alternatively the TUF client could persist the certificates and update its copy when the TUF metadata expires.
The text was updated successfully, but these errors were encountered: