by joshuagl 1828 days ago
I don't expect to change your mind about TUF, though I would love to talk about how Debian could adopt pieces of the TUF design where it makes sense _and_ how TUF might provide affordances to better suit Debian.

For other readers, I think it's important to point out that:

1. TUF does not require use of JSON, or any other specific format.

> Implementers of TUF may use any data format for metadata files as long as all fields in this specification are included and TUF clients are able to interpret them without ambiguity. from https://theupdateframework.github.io/specification/v1.0.19/#...

2. The blog post you link to says that TUF does not handle key revocation. That's untrue. TUF does key revocation explicitly, by replacing the listed keys in the root (for top-level roles) and targets (for delegated roles) metadata, and implicitly through expiration times.
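The explicit root-rotation mechanism the comment describes, as an added illustration that is not part of the comment or of the TUF project's own code: a simplified client accepts a new root only if it is signed by enough of the *previous* root's keys and enough of its *own* keys, and is not expired. Real TUF uses public-key signatures over canonical metadata; here signatures are replaced by an HMAC stand-in (assumption, constructed keys) so the trust logic runs stand-alone.

```python
"""Minimal model of TUF key revocation: root rotation plus expiry."""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for asymmetric keys: keyid -> secret. A "signature"
# is an HMAC over the serialized signed portion (not real TUF signing).
KEYS = {"k1": b"secret-1", "k2": b"secret-2", "k3": b"secret-3"}

def serialize(signed):
    # Deterministic byte form of the signed portion (keys are unique strings).
    return repr(sorted(signed.items())).encode()

def sign(signed, keyids):
    body = serialize(signed)
    return {k: hmac.new(KEYS[k], body, hashlib.sha256).hexdigest() for k in keyids}

def make_root(version, keyids, threshold, expires):
    return {"signed": {"_type": "root", "version": version,
                       "keys": sorted(keyids), "threshold": threshold,
                       "expires": expires}, "signatures": {}}

def verify_threshold(metadata, keyids, threshold):
    """Count valid signatures from the allowed key set; require threshold."""
    body = serialize(metadata["signed"])
    good = 0
    for k, sig in metadata["signatures"].items():
        if k not in keyids:
            continue  # signatures from unlisted (revoked/unknown) keys never count
        expected = hmac.new(KEYS[k], body, hashlib.sha256).hexdigest()
        if hmac.compare_digest(sig, expected):
            good += 1
    return good >= threshold

def update_root(trusted, candidate, now):
    """Root rotation: the candidate must satisfy the OLD root's keys and
    threshold, its OWN keys and threshold, and must not be expired at `now`.
    Returns (root to trust from now on, status string)."""
    old, new = trusted["signed"], candidate["signed"]
    if new["version"] != old["version"] + 1:
        return trusted, "version mismatch"
    if not verify_threshold(candidate, old["keys"], old["threshold"]):
        return trusted, "not signed by enough old keys"
    if not verify_threshold(candidate, new["keys"], new["threshold"]):
        return trusted, "not signed by enough new keys"
    if datetime.fromisoformat(new["expires"]) <= now:
        return trusted, "expired"
    return candidate, "ok"
```

Once a key is dropped from the new root's key list, metadata it signs no longer satisfies the threshold, and an expired root is rejected even with valid signatures.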