Tuf

Latest version: v5.0.0


Page 4 of 5

0.13.0

Not secure
Added
* Add support for BLAKE hash functions (993)
* Don't list root metadata in snapshot metadata, per latest spec (988)
* Enable targets metadata to be generated without access to the target files (1007, 1020)
* Implement support for abstract files and directories (1024, 1034)
* Make lengths and hashes optional for timestamp and snapshot roles (1031)

Changed
* Revise requirements files to have layered requirements (978, 982)
* Update tutorial instructions (981, 992) and documentation (1054, 1001)
* Replace hard-coded logger names (989)
* Fix target file path hashing to ensure paths are hashed as they appear in targets metadata (1007)
* Refactor code handling hashed bins (1007, 1013, 1040, 1058)
* Improve performance when delegating to a large number of hashed bins (1012)
* Improve path handling consistency when adding targets and paths (1008)
* Clarify error message and docstring for custom parameter of add_target() (1027)
* Ensure each key applies to signature threshold only once (1091)

Fixed
* Fix broken CI (985)
* Fix tests (1029, 1064, 1067)
* Fix loading of delegated targets during repository load (1049, 1052, 1071)
* Fix key loading in repo.py (1066)
* Remove redundant code in downloader (1073)
* Fix alarming logging in updater (1092)

0.12.2

Not secure
* Fix incorrect threshold signature computation (974)
* Drop support for Python 3.4 (966)
* Improve documentation (970, 960, 962, 961, 972)
* Improve test suite and tutorial scripts (775)

0.12.1

Not secure
* Relax spec version format check for backwards compatibility (950)
* Update project metadata (937, 939, 944, 947, 948, 953, 954)
* Update misc dependencies (936, 941, 942, 945, 956)

0.12.0

Not secure
* Add backwards incompatible TUF spec version checks (842, 844, 854, 914)
* Adopt securesystemslib v0.12.0 update (909, 910, 855, 912, 934)
* Fix multi-root rotation (885, 930)
* Fix duplicate schema definitions (929)
* Refactor metadata generation (836)
* Refactor securesystemslib interface (919)
* Update implementation roadmap (833)
* Improve tests and testing infrastructure (825, 839, 890, 915, 892, 923)
* Improve documentation (824, 849, 852, 853, 893, 924, 928, et al.)
* Update misc dependencies (850, 851, 916, 922, 926, 931)

0.11.1

Not secure
* Prevent persistent freeze attack (pr [737](https://github.com/theupdateframework/python-tuf/pull/737)).

* Add --no-release option to CLI.

* Issue deprecation warning for all_targets() and targets_of_role().

* Disable file logging, by default.

* Tweak network settings (in settings.py) for production environments.

* Add tuf.log.enable_file_logging() and tuf.log.disable_file_logging().

* Replace %xx escapes in URLs.

* Support Appveyor (for Windows) with Continuous Integration.

* Run unit tests in Python 3.4 & 3.5 under Appveyor.

* Edit contact text to encourage users to report issues with specification.

* Generate (w/ CLI) Ed25519 keys, by default.

* Upgrade dependencies to latest versions.

* Add requirements.in, which is used to generate the other requirement files.

* Update list of adopters.

* Convert README to Markdown.

* Update installation instructions to note SSLib's optional dependencies
that should be installed to support RSA, ECDSA, etc. keys.

* Add unit test for persistent freeze attack.

* Update list of tasks in ROADMAP.md.

0.11.0

Not secure
Note: This is a backwards-incompatible pre-release.

* Make significant improvements to execution speed of updater.

* Resolve all of the unit test failures in Windows.

* Add or revise many CLI options.
  - Add --revoke
  - Support ECDSA, RSA, and Ed25519 keys
  - Fully support delegated roles
  - Revise help descriptions
  - Allow 2+ roles to delegate to the same role
  - Add --remove
  - Add --trust
  - Remove obsolete code
  - Add --distrust
  - Allow any top-level role to be signed
  - Allow multiple signing keys with --sign
  - Rename default directories
  - etc.

* Revise CLI documentation, such as QUICKSTART.md.

* Ensure consistent behavior between add_targets() and add_target().

* Add a CLI doc that demonstrates more complex examples.

* Move LICENSE files to the root directory.

* Update dependencies.

* Update TUTORIAL.md to fix links.

* Fix bug where the latest consistent metadata is not loaded.

* Modify the pyup update schedule from daily to weekly.

* Add hashes to requirements.txt.

* Update AUTHORS.txt and add organizations.

* Replace deprecated 'cryptography' functions.

* Remove dependency in dev-requirements.txt that causes error.

* Ensure that the latest consistent metadata is added to Snapshot.

* Tweak a few logger and exception messages.

* Revise introductory text in README.

* Update ADOPTERS.md and link to pages that cover each adoption.

* Remove target paths in metadata that contain leading path separators.

* Address Pylint/Bandit warnings for the CLI modules.

* Replace calls to deprecated 'imp' module.

* Fix bug where the hashing algorithms used to generate local KEYIDs do not
match the ones chosen by the repo.

* Fix bug in tuf.sig.get_signature_status() where a given threshold is not used.

* Refactor code that stores the previous keyids of a role.
