[TUF] User-controlled key management #605
Locked
nate-double-u
started this conversation in
Google Summer of Code 2022
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Write an implementation of TAP 13 in the go implementation of TUF. TUF metadata provides key management for developers who want to sign packages that they upload to a repository. However, this means that users are trusting the repository administrators to accurately portray the correct signing key for each package. TAP 13 reduces trust in repository administrators by adding support for user-managed keys to TUF, allowing users to override the key management done by the repository to trust only a subset of images on that repository. The implementation will be built on the new python-tuf client.
Mentors: Marina Moore (@mnm678)
https://github.com/cncf/mentoring/blob/main/summerofcode/2022.md#user-controlled-key-management
Beta Was this translation helpful? Give feedback.
All reactions