rust-tuf
rust-tuf copied to clipboard
theupdateframework
Rust implementation of The Update Framework (TUF)
It's possible that a parser bug could allow for a man-in-the-middle attacker to compromise a system. None have been found so far in serde_json, but other parsers have had bugs...
Since the delegating targets defines the valid keys a delegated targets can be signed by, it is possible for delegated targets to be valid when accessed via one target path...
If a request for metadata or target contains a max length and the HTTP response contains a Content-Length greater than that value, it can error out the AsyncRead stream without...
If min_bytes_per_second is non-zero and a transfer is making forward progress but more slowly than required, the stream should error out as expected, however, as poll_read is only expected to...
tuf::Client will currently error out on create if a fetch of root metadata from the local repository fails with any error other than Error::NotFound. The implementation could attempt to fetch...
I was attempting to try out rust-tuf in an application, In my Cargo.toml under dependencies, i tried both `tuf = "0.3.0-alpha3"` and `tuf = "0.2.0"` both with the same issue....
> spin is no longer actively maintained | Details | | | ------------------- | ---------------------------------------------- | | Status | unmaintained | | Package | `spin` | | Version | `0.5.2`...
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot] avatar"){kind=avatar}
We are writing our own wrapper around boringssl instead of using ring, so it'd be nice to use our library for signing. One way to implementing this without forcing everyone...
Metadata
Owner
Metadata
Rust implementation of The Update Framework (TUF)