I think it's finally time to revisit our autoupdate code! Excitement! Adventures! Bugs....

At a high level, I think our goals are:

• Remove Notary
• Use some modern libraries (Probably go-tuf, happy to hear other suggestions)
• Use a reasonable channel model for specifying which versions
• Expose more functionality inside launcher (right now it's all abstracted out into a goroutine that mostly does it's own thing)
• Improve testability / dev setups

I'd imagine some milestones like:

• Play with go-tuf. What's it like running a server? A client? Can we not have a server, and do it with a static set of files?
• What would porter look like?
• Launcher code? Proper channel and signaling usage
• Test cases!
• deploy a prod server
• go!

launcher work remaining as of 29 June 2023:

• Point to per-arch path [TUF autoupdater] Include arch in release file path and download file path #1195
• Roll out new autoupdate code for internal testing on nightly -- [TUF] Roll out new autoupdater to nightly channel #1391
• Roll out new autoupdate code for internal testing on beta
• Enable gradual rollout to stable ([TUF] Use use_tuf_autoupdater in startupsettings to determine whether to use new autoupdater #1526)
• Release autoupdate fully to stable

endpoint-releaser and monorepo work:

• New TUF infrastructure for development
• New TUF infrastructure for production
• endpoint-releaser publishes and promotes releases to new TUF infrastructure
• Monitor + alert when TUF keys are nearing expiration (https://github.com/kolide/endpoint-releaser/issues/71)
• Allow for changing TUF passphrase (completed but no CI job)