Write a story to solve the manifest signature uniqueness problem
We have a problem where manifest signatures are not part of the manifest digest, but the manifest digest is the unit key. This means that if there are signed and unsigned or signed and differently-signed manifests floating around, Pulp will not consider them to be different. There are a few ways that this problem might be solved:
- Store the actual checksum of the manifest, which will include the signatures
- Always download all manifests during sync, and compare signatures with the signatures we already know about. If there are new signatures, add them to our existing manifest (i.e., a mutable Unit)
- Any other bright ideas?
We should collect use cases to drive the choice we make. Write a story!
Updated by bmbouter over 4 years ago
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.