From d489b534902f022affde3c3b1510c112b90f7385 Mon Sep 17 00:00:00 2001
From: Fredrik Skogman <kommendorkapten@github.com>
Date: Fri, 22 Dec 2023 14:33:31 +0100
Subject: [PATCH] Clarified the use of unsafe local mode

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
---
 pkg/tuf/client.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/tuf/client.go b/pkg/tuf/client.go
index b803c140..2b8c53a3 100644
--- a/pkg/tuf/client.go
+++ b/pkg/tuf/client.go
@@ -64,6 +64,12 @@ func New(opts *Options) (*Client, error) {
 	// client (only reads content on disk) and then decide if we
 	// must perform a full TUF update.
 	var tmpCfg = *c.cfg
+	// Create a temporary config for the first use where UnsafeLocalMode
+	// is true. This means that when we first initialize the client,
+	// we are guaranteed to only read the metadata on disk.
+	// Based on that metadata we take a decision if a full TUF
+	// refresh should be done or not. As so, the tmpCfg is only needed
+	// here and not in future invocations.
 	tmpCfg.UnsafeLocalMode = true
 	c.up, err = updater.New(&tmpCfg)
 	if err != nil {