From 461cfb601f8ecf2f0738918a54c2e7d6eb086488 Mon Sep 17 00:00:00 2001 From: Aditya Sirish Date: Fri, 23 Feb 2024 16:58:47 -0500 Subject: [PATCH] fixup! remind why this is important Signed-off-by: Aditya Sirish --- tuf-spec.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tuf-spec.md b/tuf-spec.md index 37f0a08..db522fe 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -1098,11 +1098,13 @@ attributes are OPTIONAL, if used, exactly one of them should be set. * a PATHPATTERN of `"foo/*"` matches `"foo/bar.tgz"` but not `"foo/baz/bar.tgz"`, `"foo/bar/baz/bar.tgz"`, and so on. - Note: It is important to understand the functioning of path patterns to - avoid mistaken assumptions that can lead to a false sense of security. For - example, an assumption that `"foo/*"` applies recursively to all files in - subdirectories of `foo` in a terminating delegation could allow a subsequent - delegated role that should not be trusted to sign for a target. + Note: As each describes the paths that a delegated role is + trusted to provide, it is important to understand the functioning of path + patterns to avoid mistaken assumptions that can lead to a false sense of + security. For example, an assumption that `"foo/*"` applies recursively to + all files in subdirectories of `foo` in a terminating delegation could allow + a subsequent delegated role that should not be trusted to sign for a target + in a subdirectory of `foo`.
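Review bot: In the first added line of the Note, "As each describes the paths that a delegated role is trusted to provide" has no noun after "each", so the sentence does not say what describes the paths. It should read "As each PATHPATTERN describes the paths ...", using whatever markup the term carries elsewhere in tuf-spec.md. The example sentence would also be easier to follow if it stated the step it relies on: per the bullet just above, `"foo/*"` does not match `"foo/baz/bar.tgz"`, so a terminating delegation with that pattern does not cover that target, which is how "a subsequent delegated role that should not be trusted" could come to sign for it. Finally, the subject still carries the "fixup!" prefix, so this commit should be squashed into its target before merge.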