Tuf

Latest version: v5.1.0


Page 4 of 6

0.14.0

Not secure
Added
* Added a mechanism to the Updater to disable the hash prefix for target files
even when `consistent_snapshot` is enabled for a repository (1102)

Changed
* Updater now uses keyids provided in the metadata, rather than re-calculating
keyids using `keyid_hash_algorithms` (1014, 1121)
* When loading an existing repository the keyids provided in the metadata will
be used, rather than re-calculating keyids using `keyid_hash_algorithms` (1014, 1121)
* Improve reliability and performance of tests by removing sleep calls and
instead polling to check whether the simple_server is ready to accept
connections (1096)
* Only calculate lengths and hashes of files listed by timestamp and snapshot
metadata when those lengths and hashes will be included in the metadata (1097)
* Re-raise chained exceptions explicitly per PEP 3134 (1116)
* Remove use of `securesystemslib.settings.HASH_ALGORITHMS` and instead pass
desired algorithms explicitly to securesystemslib's
`keys.format_metadata_to_key` (1016)

Fixed
* Better adhere to the detailed client workflow in the specification by
ensuring that a newly downloaded root metadata file is verified with a
threshold of its own signatures (1101)
* Update a delegating role's metadata when adding a new verification key to a
delegated role (1037)

0.13.0

Not secure
Added
* Add support for BLAKE hash functions (993)
* Don't list root metadata in snapshot metadata, per latest spec (988)
* Enable targets metadata to be generated without access to the target files (1007, 1020)
* Implement support for abstract files and directories (1024, 1034)
* Make lengths and hashes optional for timestamp and snapshot roles (1031)

Changed
* Revise requirements files to have layered requirements (978, 982)
* Update tutorial instructions (981, 992) and documentation (1054, 1001)
* Replace hard-coded logger names (989)
* Fix target file path hashing to ensure paths are hashed as they appear in targets metadata (1007)
* Refactor code handling hashed bins (1007, 1013, 1040, 1058)
* Improve performance when delegating to a large number of hashed bins (1012)
* Improve path handling consistency when adding targets and paths (1008)
* Clarify error message and docstring for custom parameter of add_target() (1027)
* Ensure each key applies to signature threshold only once (1091)

Fixed
* Fix broken CI (985)
* Fix tests (1029, 1064, 1067)
* Fix loading of delegated targets during repository load (1049, 1052, 1071)
* Fix key loading in repo.py (1066)
* Remove redundant code in downloader (1073)
* Fix alarming logging in updater (1092)

0.12.2

Not secure
* Fix incorrect threshold signature computation (974)
* Drop support for Python 3.4 (966)
* Improve documentation (970, 960, 962, 961, 972)
* Improve test suite and tutorial scripts (775)

0.12.1

Not secure
* Relax spec version format check for backwards compatibility (950)
* Update project metadata (937, 939, 944, 947, 948, 953, 954)
* Update misc dependencies (936, 941, 942, 945, 956)

0.12.0

Not secure
* Add backwards incompatible TUF spec version checks (842, 844, 854, 914)
* Adopt securesystemslib v0.12.0 update (909, 910, 855, 912, 934)
* Fix multi-root rotation (885, 930)
* Fix duplicate schema definitions (929)
* Refactor metadata generation (836)
* Refactor securesystemslib interface (919)
* Update implementation roadmap (833)
* Improve tests and testing infrastructure (825, 839, 890, 915, 892, 923)
* Improve documentation (824, 849, 852, 853, 893, 924, 928, et al.)
* Update misc dependencies (850, 851, 916, 922, 926, 931)

0.11.1

Not secure
* Prevent persistent freeze attack (pr [737](https://github.com/theupdateframework/python-tuf/pull/737)).

* Add --no-release option to CLI.

* Issue deprecation warning for all_targets() and targets_of_role().

* Disable file logging, by default.

* Tweak network settings (in settings.py) for production environments.

* Add tuf.log.enable_file_logging() and tuf.log.disable_file_logging().

* Replace %xx escapes in URLs.

* Support Appveyor (for Windows) with Continuous Integration.

* Run unit tests in Python 3.4 & 3.5 under Appveyor.

* Edit contact text to encourage users to report issues with specification.

* Generate (w/ CLI) Ed25519 keys, by default.

* Upgrade dependencies to latest versions.

* Add requirements.in, which is used to generate the other requirement files.

* Update list of adopters.

* Convert README to Markdown.

* Update installation instructions to note SSLib's optional dependencies
that should be installed to support RSA, ECDSA, etc. keys.

* Add unit test for persistent freeze attack.

* Update list of tasks in ROADMAP.md.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.