From 98442f5cb17204cdbb726561f2a953ee704eadba Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Tue, 29 Nov 2022 15:28:15 +0200
Subject: [PATCH] signer: Add note about unhandled exceptions

There is (at least currently) no promise that Signer
implementations do not raise unexpected errors.
---
 securesystemslib/signer/_signer.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/securesystemslib/signer/_signer.py b/securesystemslib/signer/_signer.py
index a4e9ad9e..d85f3127 100644
--- a/securesystemslib/signer/_signer.py
+++ b/securesystemslib/signer/_signer.py
@@ -33,6 +33,11 @@ class Signer:
         signer = Signer.from_priv_key_uri("envvar:MYPRIVKEY", pub_key)
         sig = signer.sign(b"data")
 
+    Note that signer implementations may raise errors (during both
+    Signer.from_priv_key_uri() and Signer.sign()) that are not documented here:
+    examples could include network errors or file read errors. Applications
+    should use generic try-except here if unexpected raises are not an option.
+
     See SIGNER_FOR_URI_SCHEME for supported private key URI schemes. The
     currently supported default schemes are:
     * envvar: see SSlibSigner for details