python-tuf
Python reference implementation of The Update Framework (TUF)
(NOTE: this issue is copied from [docs/ROADMAP.md](https://github.com/theupdateframework/tuf/blob/4847783001bb669e5082414e23cbb8a1948110db/docs/ROADMAP.md)) **Description of issue or feature request**: [TAP 3: Multi-role delegations](https://github.com/theupdateframework/taps/blob/master/tap3.md) is an Accepted TAP but not implemented in the reference implementation. **Current behavior**:...
Supersedes #2049. This PR is the proof of concept for TAP 14 for the TAP approval process. It should not be merged until that TAP is finalized. Please fill in...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25. Changelog Sourced from github/codeql-action's changelog. CodeQL Action Changelog [UNRELEASED] No user facing changes. 2.1.25 - 21 Sep 2022 We will soon be rolling out...
Hey, it seems there's a newer version of the TUF specification - [v1.0.31](https://github.com/theupdateframework/specification/blob/v1.0.31/tuf-spec.md) The version which [theupdateframework/python-tuf](https://github.com/theupdateframework/python-tuf) states it supports is - [v1.0.30](https://github.com/theupdateframework/specification/blob/v1.0.30/tuf-spec.md) The following is a comparison of what...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.2.0. Release notes Sourced from actions/dependency-review-action's releases. 2.2.0 We've added a new configuration option: fail-on-scopes: Specify whether you want the action to fail on vulnerabilities...
The fact that TUF metadata contains the non-canonical form of the payload is a known issue (see https://github.com/secure-systems-lab/dsse for future plans). While we wait for the spec to evolve, I...
Since an incompatible spec version update seems to get more interest (see #2040), we should start with actually designing how spec version numbers are going to work... Who is responsible...
Please fill in the fields below to submit a pull request. The more information that is provided, the better. Fixes #2074 **Description of the changes being introduced by the pull...
**Description of issue or feature request**: The Requests session for each connection by default is created from scratch. And there is no sane way to customize it, for example to...
Currently creating e.g. succinct delegations looks like this
```
BIT_LENGTH = int(math.log2(NUMBER_OF_BINS))
succinct_roles = SuccinctRoles(
    keyids=[bins_key.keyid],
    threshold=THRESHOLD,
    bit_length=BIT_LENGTH,
    name_prefix=NAME_PREFIX,
)
delegations_keys_info: Dict[str, Key] = {}
delegations_keys_info[bins_key.keyid] = bins_key
targets.signed.delegations =...
```