Upgrade to go-tuf/v2
RebeccaMahany opened this issue · 0 comments
RebeccaMahany commented
The current version of go-tuf is go-tuf/v2, and it has departed significantly from the version of go-tuf we use. We would like to update to use go-tuf/v2 to be able to pull in security patches and new features.
Upgrading to this new version of the package is nontrivial. I put together a first pass at some changes in this PR to get a sense of the scope.
We likely want to wait for theupdateframework/go-tuf#593 to be completed before upgrading to v2. However, we can get started ahead of time by replacing our direct usage of go-tuf with interfaces that we can swap out more easily later.
- Replace direct usage of go-tuf with interface in ee/tuf, TUF checkup, TUF info table, and packaging code
- Update to use go-tuf/v2
- Extensive testing