Add TODO message for handling expections on verification

Currently if incompatible Signature is used for verification with a Key that supports different Signature, it will cause an error and breaks the signature verification. This needs to be handled in future, so that such case won't happen. Signed-off-by: Pradyumna Krishna <[email protected]>
in-toto · Jul 22, 2022 · 8fa108a · 8fa108a
1 parent 56d8102
commit 8fa108a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/securesystemslib/metadata.py b/securesystemslib/metadata.py
@@ -140,6 +140,8 @@ def verify(self, keys: List[Key], threshold: int) -> Dict[str, Key]:
                     continue
 
                 # If a key verifies the signature, we exit and use the result.
+                # TODO: Handle exception when verifying incompatible Signature type
+                # with a Key (e.g. Signature and GPGKey).
                 if key.verify(signature, pae):
                     accepted_keys[key.keyid] = key
                     break