From 6ce62e726a155292f2591127cbe0eb23fc106b2c Mon Sep 17 00:00:00 2001 From: h4l0gen Date: Mon, 3 Jun 2024 19:06:37 +0530 Subject: [PATCH] adding
disclosure element Signed-off-by: h4l0gen --- content/metadata.md | 51 +++++++++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/content/metadata.md b/content/metadata.md index af620cd..5da8b05 100644 --- a/content/metadata.md +++ b/content/metadata.md @@ -40,9 +40,9 @@ Specifies the other top-level roles. When specifying these roles, the trusted keys for each are listed, along with the minimum number of those keys required to sign the role's metadata. We call this number the signature threshold. -See an **example** - -``` +
+ Example Root metadata +

 {
  "signatures": [
   {
@@ -150,7 +150,8 @@ See an **example**
   "version": 1
  }
 }
-``` 
+  
+
## Targets Metadata (targets.json) @@ -167,8 +168,9 @@ so in a way similar to how the Root role specifies the top-level roles: by givin the trusted keys and signature threshold for each role. Additionally, one or more [glob patterns](https://en.wikipedia.org/wiki/Glob_(programming)) will be specified to indicate the target file paths for which clients should trust each delegated role. -See as an **example** -``` +
+ Example Targets metadata +

 {
  "signatures": [
   {
@@ -236,7 +238,8 @@ See as an **example**
   "version": 1
  }
 }
-```
+  
+
## Delegated Targets Metadata (role1.json) @@ -260,8 +263,9 @@ metadata file would be found at: /ANOTHER_ROLE.json -See **example** of delegated Targets metadata -``` +
+ Example delegated Targets metadata +

 {
  "signatures": [
   {
@@ -317,10 +321,12 @@ See **example** of delegated Targets metadata
   "version": 1
  }
 }
-```
-
-and **example** of a nested delegation
-```
+  
+
+and +
+ Example nested delegation +

 {
  "signatures": [
   {
@@ -338,7 +344,8 @@ and **example** of a nested delegation
   "version": 1
  }
 }
-```
+  
+
## Snapshot Metadata (snapshot.json) @@ -350,8 +357,9 @@ view of all files on the repository. That is, metadata files (and thus Target files) that existed on the repository at different times cannot be combined and presented to clients by an attacker. -​See **example** of Snapshot metadata. -``` +
+ Example Snapshot metadata +

 {
  "signatures": [
   {
@@ -379,7 +387,8 @@ and presented to clients by an attacker.
   "version": 1
  }
 }
-```
+  
+
## Timestamp Metadata (timestamp.json) @@ -403,8 +412,9 @@ keys should be used for signing the snapshot.json file so that the Snapshot role's keys can be kept offline, and thus more secure. * Timestamp.json may be given to mirrors. -See **example** of Timestamp metadata. -``` +
+ Example Timestamp metadata +

 {
  "signatures": [
   {
@@ -430,4 +440,5 @@ See **example** of Timestamp metadata.
   "version": 1
  }
 }
-```
\ No newline at end of file
+  
+
\ No newline at end of file