On Feb 12, 2019, at 9:42 AM, Wes Turner <wes.turner@gmail.com> wrote:... The Update Framework (TUF) is in part derived from Thandy (the tor updater). There's an automotive derivative of TUF called Uptane."Roadmap update for TUF support""TUF deployment roadmap for PyPI"SHA-256 is not sufficient. GPG was removed because insufficient.Does TUF need funding, person-hours, new code, or code-review?