From 74fd891677817320a2f5701d436ac9f98161bc18 Mon Sep 17 00:00:00 2001
From: Teodora Sechkova
Date: Wed, 16 Jun 2021 16:25:08 +0300
Subject: [PATCH] Document fast-forward attack recovery

Document why deleting the timestamp and snapshot files is not needed to recover from a fast-forward attack.

Signed-off-by: Teodora Sechkova
---
 tuf/ngclient/_internal/metadata_bundle.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tuf/ngclient/_internal/metadata_bundle.py b/tuf/ngclient/_internal/metadata_bundle.py
index e0aea551e0..b4ffeb12b7 100644
--- a/tuf/ngclient/_internal/metadata_bundle.py
+++ b/tuf/ngclient/_internal/metadata_bundle.py
@@ -243,6 +243,11 @@ def root_update_finished(self):
 if self.root.signed.is_expired(self.reference_time):
 raise exceptions.ExpiredMetadataError("New root.json is expired")
+ # No need to recover from fast-forward attack here since
+ # timestamp and snapshot are not loaded at this point and
+ # when loaded later will be verified with the new rotated
+ # keys.
+
 self._root_update_finished = True
 logger.debug("Verified final root.json")
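Review bot: The added comment in root_update_finished gives the conclusion but not the step that makes it safe. Recovery from a fast-forward attack depends on the previously trusted timestamp and snapshot never serving as the rollback baseline once their keys have been rotated. I would say that outright and name the spec step being skipped on purpose, e.g. `# Unlike the spec's root-update step, nothing is deleted here: cached timestamp/snapshot signed by rotated-out keys fail verification when loaded, so they never become the version baseline.` Neither the later rejection of such files nor the claim that both roles are unloaded at this point is visible in this hunk (the function body begins above it), so the wording should be checked against the load path. A test that rotates the timestamp key after a high-version timestamp has been cached would pin the behaviour the comment promises.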