
Document delegation removal in repository operations #262

Open
@joshuagl

Description

@joshuagl

@trishankatdatadog summarised the steps for removing a delegation in sigstore/root-signing#546 (comment). We really should include that in the repository operations section of the specification.

Copy/pasted here for ease of reference:

Seems right to me, yes. If there is a delegatee you want to delete, you should delete:

  1. The targets only the delegatee is responsible for.
  2. The delegatee's targets metadata.
  3. The delegation off any delegator's targets metadata.

But keep the snapshot metadata about (2) around until timestamp/snapshot needs to be reset (e.g., due to a fast-forward attack, as described in Section 5.3.11 of the spec).

(3) can safely be updated in the snapshot metadata so long as it doesn't roll back itself.

Originally posted by @trishankatdatadog in sigstore/root-signing#546 (comment)
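As an added illustration (not text from the specification, nor python-tuf's API), the three removal steps and the snapshot caveat above modelled over a simplified, dict-based repository state. Role names, target paths, versions and the "targets"-as-list shape are constructed assumptions for the example.

```python
from copy import deepcopy

# Constructed example state (not real sigstore/TUF data): top-level "targets"
# delegates to "alice" and "bob"; only "a.txt" is alice's alone.
SAMPLE_REPO = {
    "target_files": {"a.txt": b"A", "shared.txt": b"S", "b.txt": b"B"},
    "targets_roles": {
        "targets": {"version": 3, "targets": ["shared.txt"], "delegations": ["alice", "bob"]},
        "alice": {"version": 2, "targets": ["a.txt", "shared.txt"], "delegations": []},
        "bob": {"version": 1, "targets": ["b.txt"], "delegations": []},
    },
    "snapshot": {"version": 7, "meta": {
        "targets.json": {"version": 3}, "alice.json": {"version": 2}, "bob.json": {"version": 1}}},
}

def targets_only_delegatee_serves(repo, delegatee):
    """Step 1: target paths that no other targets role also lists."""
    mine = set(repo["targets_roles"][delegatee]["targets"])
    others = set()
    for name, role in repo["targets_roles"].items():
        if name != delegatee:
            others.update(role["targets"])
    return mine - others

def snapshot_accepts(snapshot, filename, new_version):
    """Snapshot may only ever record a higher version for a metadata file."""
    return new_version > snapshot["meta"][filename]["version"]

def remove_delegation(repo, delegator, delegatee):
    """Apply the three removal steps and return the new repository state."""
    repo = deepcopy(repo)
    roles = repo["targets_roles"]
    # Step 1: drop the target files only the delegatee was responsible for.
    for path in targets_only_delegatee_serves(repo, delegatee):
        repo["target_files"].pop(path)
    # Step 2: delete the delegatee's targets metadata, but deliberately leave
    # its snapshot entry in place until timestamp/snapshot are reset.
    del roles[delegatee]
    # Step 3: remove the delegation from the delegator and bump its version.
    roles[delegator]["delegations"].remove(delegatee)
    roles[delegator]["version"] += 1
    # Publishing the updated delegator in snapshot is safe only if it is not
    # a rollback relative to what snapshot already records.
    snap, fname = repo["snapshot"], delegator + ".json"
    new_version = roles[delegator]["version"]
    if not snapshot_accepts(snap, fname, new_version):
        raise ValueError(f"{fname} v{new_version} would roll back snapshot")
    snap["meta"][fname]["version"] = new_version
    snap["version"] += 1
    return repo
```

Removing "alice" leaves `alice.json` listed in snapshot at its last version while the delegator advances from 3 to 4; a later timestamp/snapshot reset is where that stale entry would finally be dropped.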
