From a6bae0fbd33a27293992f276a2ca78146f8253e2 Mon Sep 17 00:00:00 2001 From: Justin Cappos Date: Mon, 19 Jan 2026 13:01:26 -0500 Subject: [PATCH 1/2] Update TUF threshold information and editor details I'm proposing a patch spec update to make it clearer that a threshold of 0 (or less) is not allowed. See: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525 for more details. I've also updated people's affiliation and suggested that slack is the best way to contact us. Signed-off-by: Justin Cappos --- tuf-spec.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index 1eda0da..22266f1 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -3,12 +3,12 @@ Title: The Update Framework Specification Shortname: TUF Status: LS Abstract: A framework for securing software update systems. -Date: 2023-04-14 +Date: 2026-01-19 Editor: Justin Cappos, NYU -Editor: Trishank Karthik Kuppusamy, Datadog -Editor: Joshua Lock, Verizon -Editor: Marina Moore, NYU -Editor: Lukas Pühringer, NYU +Editor: Trishank Karthik Kuppusamy, Apple +Editor: Joshua Lock, VMware +Editor: Marina Moore, Edera +Editor: Lukas Pühringer, Eclipse Repository: theupdateframework/specification Mailing List: https://groups.google.com/forum/?fromgroups#!forum/theupdateframework Indent: 2 
@@ -16,13 +16,12 @@ Boilerplate: copyright no, conformance no Local Boilerplate: header yes Markup Shorthands: css no, markdown yes Metadata Include: This version off, Abstract off -Text Macro: VERSION 1.0.33 +Text Macro: VERSION 1.0.34 Note: We strive to make the specification easy to implement, so if you come across any inconsistencies or experience any difficulty, do let us know by -sending an email to our [mailing list]( - https://groups.google.com/forum/?fromgroups#!forum/theupdateframework), +messaging us on the [CNCF slack](https://communityinviter.com/apps/cloud-native/cncf) channel #tuf, or by reporting an issue in the [specification repo]( https://github.com/theupdateframework/specification/issues). @@ -752,7 +751,7 @@ The "signed" portion of root.json is as follows: : THRESHOLD :: - An integer number of keys of that role whose signatures are required in + A positive integer number of keys (>=1) of that role whose signatures are required in order to consider a file as being properly signed by that role.
@@ -1040,6 +1039,12 @@ format: The rolename MUST be unique in the delegations object: multiple roles with the same rolename are not allowed within a DELEGATIONS. + : THRESHOLD + :: + A positive integer number of keys (>=1) of that role whose signatures are required in + order to consider a file as being properly signed by that role. See the notes on + THRESHOLD counting in the relevant steps of [[#detailed-client-workflow]]. + : TERMINATING :: A boolean indicating whether subsequent delegations should be considered @@ -1108,6 +1113,7 @@ that of the third one, etc. In order to accommodate prioritized delegations, the "roles" key in the DELEGATIONS object above points to an array of delegated roles, rather than to a hash table. + The metadata files for delegated target roles has the same format as the top-level targets.json metadata file. From cc4413632f7690878f22633d800ebaed2d0c17d2 Mon Sep 17 00:00:00 2001 From: Justin Cappos Date: Tue, 20 Jan 2026 13:42:41 -0500 Subject: [PATCH 2/2] Update tuf-spec.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Lukas Pühringer Signed-off-by: Justin Cappos --- tuf-spec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tuf-spec.md b/tuf-spec.md index 22266f1..f6f31bf 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -6,7 +6,7 @@ Abstract: A framework for securing software update systems. Date: 2026-01-19 Editor: Justin Cappos, NYU Editor: Trishank Karthik Kuppusamy, Apple -Editor: Joshua Lock, VMware +Editor: Joshua Lock, Verizon Editor: Marina Moore, Edera Editor: Lukas Pühringer, Eclipse Repository: theupdateframework/specification
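Review bot: the affiliation change "Editor: Joshua Lock, VMware" in the first hunk (@@ -3,12 +3,12 @@) is reverted to "Verizon" by PATCH 2/2, so the series as posted introduces a wrong affiliation and then fixes it; squash the two patches so the history never carries the incorrect value, and keep the remaining affiliation and Date changes in a commit separate from the THRESHOLD clarification, since they are unrelated editorial metadata.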
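Review bot: the contact-guidance hunk (@@ -16,13 +16,12 @@) replaces the mailing-list pointer in the Note with the CNCF slack link, but the "Mailing List: https://groups.google.com/forum/?fromgroups#!forum/theupdateframework" metadata line kept in the preceding hunk's context still advertises the group; either drop or update that line too, or state in the Note that the list remains open, so readers are not given two contact paths with different status. The VERSION bump to 1.0.34 is appropriate since the normative THRESHOLD text changes.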
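Review bot: in the root THRESHOLD hunk (@@ -752,7 +751,7 @@), "A positive integer number of keys (>=1)" says the same thing twice, and it only describes the field rather than stating what a client must do with an out-of-range value; suggest wording such as "An integer number of keys, which MUST be at least 1, of that role whose signatures are required ..." and a normative sentence that clients MUST treat metadata whose THRESHOLD is less than 1 as invalid, which is the behaviour the referenced advisory is about and which a descriptive definition alone does not oblige implementers to enforce.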
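Review bot: the new delegations THRESHOLD entry (@@ -1040,6 +1039,12 @@) points readers to "the notes on THRESHOLD counting in the relevant steps of [[#detailed-client-workflow]]", but nothing in this series touches that section; please confirm those steps actually state the counting rule and the at-least-1 requirement for delegated roles, otherwise the cross-reference dangles. The first two lines also repeat the root-role definition verbatim with the same "positive integer ... (>=1)" redundancy; prefer one definition and a reference from the other, so a future fix does not have to land in two places.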
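Review bot: the last hunk of PATCH 1/2 (@@ -1108,6 +1113,7 @@) adds only a blank line after the prioritized-delegations paragraph and is unrelated to the stated purpose; drop it, or if it is meant to fix rendering, say so in the commit message. While there, the context line "The metadata files for delegated target roles has the same format" should read "have the same format", which could ride along in an editorial commit.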
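Review bot: PATCH 2/2 consists solely of "-Editor: Joshua Lock, VMware" / "+Editor: Joshua Lock, Verizon", undoing a change made two hunks earlier in PATCH 1/2; this should be folded into the first patch rather than landing as a separate correction, and the Co-authored-by trailer can be carried over to the squashed commit.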