TUF should be handled via a grant from Facebook this year once Ernest and I get this underway: https://pyfound.blogspot.com/2018/12/upcoming-pypi-improvements-for-2019.html

We will take all the help we can get, but we'll have project management and some funds!

Cooper
On Feb 12, 2019, at 9:42 AM, Wes Turner <wes.turner@gmail.com> wrote:
... The Update Framework (TUF) is in part derived from Thandy (the Tor updater). There's an automotive derivative of TUF called Uptane. https://theupdateframework.github.io/
"Roadmap update for TUF support" https://github.com/pypa/warehouse/issues/5247
"TUF deployment roadmap for PyPI" https://github.com/theupdateframework/tuf/issues/816#
SHA-256 is not sufficient. GPG was removed because it was insufficient. Does TUF need funding, person-hours, new code, or code review?