python-tuf
python-tuf copied to clipboard
theupdateframework
Python reference implementation of The Update Framework (TUF)
### Issue Description The purpose of this issue is to kindly ask whether listing `securesystemslib[crypto]` as a dependency would improve the out-of-the-box experience with `python-tuf`. I noticed that `pip3 install...
Sigstore's python client would like to use the TUF updater in a fully offline manner to allow for opt-in offline verification. To do so would require TUF to function using...
The Repository interface looks like it does largely because of needs from A) `verify_delegate` and B) `sign`: Both needed to be called on a Metadata object and former event took...
Currently `Repository.do_snapshot()` and `Repository.do_timestamp()` decide whether the update is needed by looking at whether the contents are up-to-date. This bypasses one case where timestamp and snapshot are needed: when the...
This comes from #2363 / #2359 : we should make the config somehow immutable once it's been used by Updater. This should be a difficult mistake to make: ``` updater...
This is some initial implementation work for the TAP per the [most recent pr](https://github.com/theupdateframework/taps/pull/163). My plan for this pr is to include: - [x] Rotate file definition - [x] Use...
**NOTE: This ticket is for a potential GSoC 2023 task.** TUF’s specification was written with artifacts stored in traditional file systems in mind. As such, it specifies explicitly how artifacts...
I'd like to have a text I can link to that explains some of the things that affect the choices in TUF repository setup and (now that we have multiple...
Our JSON serialization is basically `json.dumps(metadata_obj.to_dict(), ...).encode("utf-8")` json.dumps() return value does not end in a newline. This means any files written with this content will not end in a newline:...
Hey, it seems there's a newer version of the TUF specification - [v1.0.32](https://github.com/theupdateframework/specification/blob/v1.0.32/tuf-spec.md) The version which [theupdateframework/python-tuf](https://github.com/theupdateframework/python-tuf) states it supports is - [v1.0.31](https://github.com/theupdateframework/specification/blob/v1.0.31/tuf-spec.md) The following is a comparison of what...
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
Metadata
Owner
Metadata
Python reference implementation of The Update Framework (TUF)