expiration date might prevent installation #73

Open
lukpueh opened this issue Mar 22, 2023 · 3 comments
Labels
X41 Informational findings from X41 source code audit

Comments

@lukpueh
Member

lukpueh commented Mar 22, 2023

[based on the X41 specification and source code audit]

The expiration date in the layout files might prevent users from properly verifying and installing a product after that date. This might force the users of in-toto to create additional releases that offer no functional changes or use overly long expiration dates.

Solution Advice
X41 recommends to add an option to enforce a certain version counter value.

@lukpueh
Member Author

lukpueh commented Mar 22, 2023

existing solution: ITE-2

@lukpueh
Member Author

lukpueh commented Mar 22, 2023

Also note that issuing a new layout for a supply chain does not necessarily require creating a new release of the product.

lukpueh added the X41 Informational findings from X41 source code audit label Mar 30, 2023
@adityasaky
Member

Does the use of ITE-2 to associate layouts generally handle this? Can we close it with #75 even if expiration isn't explicitly mentioned there?


2 participants