rust-tuf doesn't support diamond delegations #381
Description
While writing a delegation builder, I noticed that while we have a test for diamond delegations, it doesn't actually work. Consider this delegation tree:
targets
/ \
A B
\ /
D
Where D is signed correctly by B, but not signed correctly by A.
Both Client::lookup_target_description and Client::target_description_with_start_time will visit:
- targets
- A
- D (error, A did not sign D. marking as visited)
- B
- skip D since it was already visited.
We need to update these delegations as visited only if we decided the delegation is trusted.