Description
The spec does not say anything about role name uniqueness in a delegations object, but I believe we cannot safely allow multiple roles with the same role name in the roles array of a delegations object. If we did, then the roles could have different keyids, and then we would end up in a situation where a metadata may be both a valid delegation and an invalid delegation at the same time, depending on how the role gets chosen, and that does not seem like the intention of the design.
I don't think there are real use cases for non-unique role names in delegations either -- and I assume that this situation is just an unintentional side-effect of making roles an ordered list -- so the spec should possibly clarify that uniqueness is required (although I guess theoretically some complex ordering issue could be solved by multiple roles per role name).
Regardless, metadata API should IMO enforce role name uniqueness on Delegations.roles unless a good case is made against that.
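
An added illustration of the ambiguity described in this issue; it is not python-tuf code and not part of the original post. It assumes the spec's `delegations` layout, uses placeholder key ids, compares key ids only (no signature verification), and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample: two entries named "projects" trust different keys.
# Key ids are placeholders and the "keys" values are left empty for brevity.
DELEGATIONS = {
    "keys": {"keyid-a": {}, "keyid-b": {}},
    "roles": [
        {"name": "projects", "keyids": ["keyid-a"], "threshold": 1,
         "paths": ["projects/*"], "terminating": False},
        {"name": "releases", "keyids": ["keyid-b"], "threshold": 1,
         "paths": ["releases/*"], "terminating": False},
        {"name": "projects", "keyids": ["keyid-b"], "threshold": 1,
         "paths": ["projects/*"], "terminating": False},
    ],
}


def duplicate_role_names(delegations):
    """Return role names that appear more than once, in first-seen order."""
    counts = Counter(role["name"] for role in delegations.get("roles", []))
    return [name for name, n in counts.items() if n > 1]


def validate_unique_roles(delegations):
    """Reject a delegations object whose roles list repeats a role name."""
    dups = duplicate_role_names(delegations)
    if dups:
        raise ValueError(f"duplicate delegated role names: {dups}")


def is_authorized(role, signer_keyids):
    """Threshold check on key ids only; signature checks are out of scope."""
    trusted = set(role["keyids"]) & set(signer_keyids)
    return len(trusted) >= role["threshold"]


def verdicts(delegations, name, signer_keyids):
    """Evaluate one signer set against every entry carrying this role name."""
    return [is_authorized(role, signer_keyids)
            for role in delegations["roles"] if role["name"] == name]
```

Metadata for `projects` signed only by `keyid-a` passes against the first entry and fails against the third, so the outcome depends on which entry a client picks; rejecting the object at load time removes that choice.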