ngclient: Test against other implementations #1756
Comments
I forgot to mention: testing like this would require mocking the current time to roughly the time the snapshot was made. Otherwise the metadata will start expiring sooner or later. |
|
Current state based on manually running python-tuf ngclient against some repositories:
both might have more issues, this is just what they fail on now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be good to have some client testing against repositories produced with other tuf implementations.
I think there are two options in general (could choose one or both):
The former would be an additional regression test -- get it working once and then it might prevent code regressions in future. Latter would be more interesting in that the metadata may change over time (as the metadata just has different variations but also as the other implementation changes), but ultimately it is an unreliable test for multiple reasons so couldn't be a blocking test in CI. I'm not sure yet which makes most sense.
Some possible repos to test against (I have not spoken to the maintainers of any of these repositories about this):
As for what to test, a client refresh from initial root.json certainly makes sense. But if we test against a live repo we could also:
The text was updated successfully, but these errors were encountered: