Skip to content

Update TUF threshold information and editor details #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JustinCappos wants to merge 1 commit into
base: master
Choose a base branch
from
+15 −9
Open

Update TUF threshold information and editor details #314

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 15 additions & 9 deletions tuf-spec.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,26 +3,25 @@ Title: The Update Framework Specification
Shortname: TUF
Status: LS
Abstract: A framework for securing software update systems.
Date: 2023-04-14
Date: 2026-01-19
Editor: Justin Cappos, NYU
Editor: Trishank Karthik Kuppusamy, Datadog
Editor: Joshua Lock, Verizon
Editor: Marina Moore, NYU
Editor: Lukas Pühringer, NYU
Editor: Trishank Karthik Kuppusamy, Apple
Editor: Joshua Lock, VMware
Copy link
Member

@lukpueh lukpueh Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Editor: Joshua Lock, VMware
Editor: Joshua Lock, Verizon

AFAIK, Joshua switched from VMware to Verizon, so this should already be up to date. cc @joshuagl

Editor: Marina Moore, Edera
Editor: Lukas Pühringer, Eclipse
Repository: theupdateframework/specification
Mailing List: https://groups.google.com/forum/?fromgroups#!forum/theupdateframework
Indent: 2
Boilerplate: copyright no, conformance no
Local Boilerplate: header yes
Markup Shorthands: css no, markdown yes
Metadata Include: This version off, Abstract off
Text Macro: VERSION 1.0.33
Text Macro: VERSION 1.0.34
</pre>

Note: We strive to make the specification easy to implement, so if you come
across any inconsistencies or experience any difficulty, do let us know by
sending an email to our [mailing list](
https://groups.google.com/forum/?fromgroups#!forum/theupdateframework),
messaging us on the [CNCF slack](https://communityinviter.com/apps/cloud-native/cncf) channel #tuf,
or by reporting an issue in the [specification repo](
https://github.com/theupdateframework/specification/issues).

Expand Down Expand Up @@ -752,7 +751,7 @@ The "signed" portion of <a>root.json</a> is as follows:

: <dfn>THRESHOLD</dfn>
::
An integer number of keys of that role whose signatures are required in
A positive integer number of keys (>=1) of that role whose signatures are required in
order to consider a file as being properly signed by that role.

<div class='example' id='example-root.json'>
Expand Down Expand Up @@ -1040,6 +1039,12 @@ format:
The rolename MUST be unique in the delegations object: multiple roles with
the same rolename are not allowed within a <a>DELEGATIONS</a>.

: <dfn>THRESHOLD</dfn>
::
A positive integer number of keys (>=1) of that role whose signatures are required in
order to consider a file as being properly signed by that role. See the notes on
<a>THRESHOLD</a> counting in the relevant steps of [[#detailed-client-workflow]].

: <dfn>TERMINATING</dfn>
::
A boolean indicating whether subsequent delegations should be considered
Expand Down Expand Up @@ -1108,6 +1113,7 @@ that of the third one, etc. In order to accommodate prioritized
delegations, the "roles" key in the <a>DELEGATIONS</a> object above points to an array
of delegated roles, rather than to a hash table.


The metadata files for delegated target roles has the same format as the
top-level <a>targets.json</a> metadata file.

Expand Down