An attacker who can insert public keys into a TUF repository can cause clients to accept a staged change that does not carry the correct threshold of signatures.
{
  "imports": [
    {
      "path": "github.com/theupdateframework/go-tuf/verify",
      "symbols": [
        "DB.Unmarshal",
        "DB.UnmarshalIgnoreExpired",
        "DB.UnmarshalTrusted",
        "DB.Verify",
        "DB.VerifyIgnoreExpiredCheck",
        "DB.VerifySignatures"
      ]
    }
  ]
}