`Repository.writeall()` may not need to write all dirty roles

[lukpueh]

Description of issue or feature request:

TUF marks roles as dirty if they are changed in roledb. This information is then used by writeall to update role metadata on disk. But not all changes in roledb require updating metadata on disk. E.g. loading a signing key does not.

Current behavior:
At least one function, i.e. load_signing_key marks a role as dirty, although it shouldn't update the corresponding metadata on disk.

Expected behavior:
Reliably track the state of the repository in memory and on disk to know if role metadata needs to be updated. Also see #958.

[lukpueh]

When fixing this issue, we may remove the explicit mark_dirty()-calls in the tutorial code snippets (and the comments that point to this issue and to #958). Ideally writeall() will know by itself which metadata to update.

[jku]

Closing this issue as it was filed against (what is now known as) the legacy codebase: issue seems to not be relevant anymore. Please re-open or file a new issue if you feel that the issue is revelant to current python-tuf.

More details

Current source code (and upcoming 1.0 release) only contains the modern components

• a low-level Metadata API (tuf.api) and
• tuf.ngclient that implements the client workflow,

Legacy components (e.g. tuf.client, tuf.repository_tool, tuf.repository_lib as well as the repo and client scripts) are no longer included. See announcement and API reference for more details.