Great proposal! I just have some minor comments: - it would help to explain somewhere (and if possible early in the document) what does it mean to sign a file, i.e. adding a field "signature". The "Signed files and tags" explain part of the process, but without explicitly saying anything.
- also it was not totally clear to me at first read that the Linearity condition is a kind of "custom policy checking", where the custom policy is actually quite different of what the default TUF specification. i.e., the snapshot bot should know and apply a policy set by the repository maintainers (which can change over time). Let me know if you need something special in ocaml-git (such as more support for annotated tags) to implement the proposal. Best, Thomas > On 8 Jun 2015, at 03:52, Louis Gesbert <[email protected]> wrote: > > I just added an issue to track the needed improvements to the specification > arising from the discussions here [1]. Please keep the discussion in the ML > for now :) -- and thanks for the feedback! > > [1] https://github.com/ocaml/opam/issues/2182 > > Louis > _______________________________________________ > Platform mailing list > [email protected] > http://lists.ocaml.org/listinfo/platform _______________________________________________ Platform mailing list [email protected] http://lists.ocaml.org/listinfo/platform
