client: add comment to document a design choice

Add a comment documenting why we perform the root self verification in
_verify_metadata_file

Signed-off-by: Joshua Lock <[email protected]>

Author: joshuagl

tuf/client/updater.py

@@ -1490,6 +1490,12 @@ def _verify_metadata_file(self, metadata_file_object,
     # For root metadata, verify the downloaded root metadata object with the
     # new threshold of new signatures contained within the downloaded root
     # metadata object
+    # NOTE: we perform the checks on root metadata here because this enables
+    # us to perform the check before the tempfile is persisted. Furthermore,
+    # by checking here we can easily perform the check for each download
+    # mirror. Whereas if we check after _verify_metadata_file we may be
+    # persisting invalid files and we cannot try copies of the file from other
+    # mirrors.
     if valid and metadata_role == 'root':
       valid = self._verify_root_self_signed(metadata_signable)
       if not valid: