Add example for downloading foo/bar/baz target files#66
Conversation
This extends section 5.5.2 to include examples on how a client should download artifacts from a subdirectory. It uses the approach that python-tuf and go-tuf use, where downloading a target path like `path/to/file.ext` when consistent snapshots are enabled are fetched from `path/to/$HASH.file.ext`.
lukpueh
left a comment
lukpueh
left a comment
There was a problem hiding this comment.
Thanks for the PR, @erickt! TBH I'm not quite sure about this addition.
The paragraph specifically talks about filenames, and how consistent snapshots affect them. I don't think it needs to talk about the full TARGETPATH. (It doesn't talk about the base URL of the repository either.)
If we do decide to accept this addition, we should change occurrences of filename (case-sensitive) with path or relative path, because e.g. PATH/TO/FILENAME.EXT is not a filename.
Maybe others can weigh in? (cc @mnm678, @trishankatdatadog, @JustinCappos)
Independently, I agree with your request in #63 to clarify/standardize TARGETPATH, and I have proposed a fix in #67.
|
I agree with @lukpueh. This paragraph is referring just to the file, not the base url and path used to find the file. There might be a place to clarify how to download target files from a subdirectory elsewhere in the spec (maybe 3.1.1 or 4.5). |
|
@trishankatdatadog, do you disagree with the concerns I and @mnm678 raised? Do you think we should merge the PR as is? |
trishankatdatadog
left a comment
trishankatdatadog
left a comment
There was a problem hiding this comment.
LGTM, I already approved last week
|
As per tuf-spec.md#L408-L413
I wonder if that paragraph deliberately ignores the fact that TUF does indeed specify filenames of target files, albeit only if "consistent snapshots" are used. If we add @erickt's example to 3.1.1, we have to briefly mention consistent snapshots. I think it's worth it. What do others think? |
|
I'll take a stab at this next week. |
5 participants
This extends section 5.5.2 to include examples on how a client should download artifacts from a subdirectory. It uses the approach that python-tuf and go-tuf use, where downloading a target path like
path/to/file.extwhen consistent snapshots are enabled are fetched frompath/to/$HASH.file.ext.