README: Remove limitations

jku · jku · commit f56d5267ed9b · 2022-11-18T13:16:41.000+02:00
There may be ways to unsafely use the client library but situation
should be significantly better now with ngclient:
  * metadata writing is safer, more atomic
  * non-root cached metadata is never trusted (so inconsistent
    cached repository is not a security issue)
  * the cache locations are now clearly application
    decisions (they are required Updater constructor args)

Move the notice to Updater module documentation.

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/README.md b/README.md
@@ -82,12 +82,6 @@ Security Issues and Bugs
 
 See [SECURITY.md](docs/SECURITY.md)
 
-Limitations
------------
-
-The reference implementation may behave unexpectedly when concurrently
-downloading the same target files with the same TUF client.
-
 License
 -------
 
diff --git a/tuf/ngclient/updater.py b/tuf/ngclient/updater.py
@@ -28,6 +28,10 @@
       * ``Updater.download_target()`` downloads a target file and ensures it is
         verified correct by the metadata.
 
+Note that applications using ``Updater`` should be 'single instance'
+applications: running multiple instances that use the same cache directories at
+the same time is not supported.
+
 A simple example of using the Updater to implement a Python TUF client that
 downloads target files is available in `examples/client_example
 <https://github.com/theupdateframework/python-tuf/tree/develop/examples/client_example>`_.
