
Metadata API: Role keyids is not ordered #1478

@jku

We made Role.keyids a set because the keyids are supposed to be unique -- this still makes sense.

However, the data should also preserve order (when deserialized and serialized) and currently it does not. This is fairly serious since writing signed data potentially modifies the data (making the signature invalid).

  • We should have tests that deserialize/serialize metadata with more than one item in each container (like roles keyids) to notice issues like this -- this should be easy now that the serialization tests exist
  • We should fix the issue with Role.keyids -- my assumption is that the issue is Set not being ordered but I'm not 100% on that
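
An added example (not code from the project or from this issue) of the kind of deserialize/serialize test the first bullet asks for, run against a set-backed role and an order-preserving one. `SetRole`, `OrderedRole`, `encode`, `first_broken_order` and the keyids are hypothetical names and constructed values; `json.dumps` with sorted keys stands in for the project's encoder, and the list with a uniqueness check is only one assumed way to keep order.

```python
import hashlib
import itertools
import json

# Constructed sample keyids, not taken from any real repository.
KEYIDS = ["c3a1", "09fe", "7b22", "e410", "5d8c"]


def encode(obj: dict) -> bytes:
    # Stand-in for canonical JSON: sorts object keys, leaves list order alone.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class SetRole:
    """Hypothetical role that keeps keyids in a set (unique, but unordered)."""

    def __init__(self, keyids, threshold):
        self.keyids = set(keyids)
        self.threshold = threshold

    @classmethod
    def from_dict(cls, data):
        return cls(data["keyids"], data["threshold"])

    def to_dict(self):
        return {"keyids": list(self.keyids), "threshold": self.threshold}


class OrderedRole(SetRole):
    """Assumed alternative: reject duplicates, keep keyids in input order."""

    def __init__(self, keyids, threshold):
        if len(set(keyids)) != len(keyids):
            raise ValueError("keyids must be unique")
        self.keyids = list(keyids)
        self.threshold = threshold


def first_broken_order(role_cls, keyids=KEYIDS):
    """Return a keyid ordering whose bytes change on load + dump, else None."""
    # Try every permutation so a set cannot pass by luck on one ordering.
    for order in itertools.permutations(keyids):
        signed = encode({"keyids": list(order), "threshold": 1})
        rewritten = encode(role_cls.from_dict(json.loads(signed)).to_dict())
        # A signature covers these bytes, so a digest change invalidates it.
        if hashlib.sha256(signed).digest() != hashlib.sha256(rewritten).digest():
            return order
    return None
```

Python randomizes string hashes per process by default, so the order a set of keyid strings iterates in can differ between runs, which is why a test with a single fixed ordering can pass intermittently.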
