[Catalog-sig] A modest proposal for securing PyPI with TUF
Trishank Karthik Kuppusamy
tk47 at students.poly.edu
Wed Mar 13 07:41:55 CET 2013
I am pleased to announce our demonstration of PyPI and pip with TUF.

Firstly, we solicit your thoughts and comments on our design document
for integrating PyPI with TUF:

Secondly, you may wish to test our demo of PyPI and pip with TUF:

Thirdly, this is how little it takes to secure pip with TUF:

Finally, you may be interested to learn about how one might manually
secure a PyPI package index with TUF:

We are excited to be able to show this to you now, and in person at our
lightning talk at PyCon this Friday.

We think that there is great potential for the PyPI and TUF community to
work together to secure Python package management. This is just the
beginning, and there is some work left to do, but we are confident that
we have demonstrated to you that PyPI could be secured with TUF in the
very near future. We would be happy to discuss with you how we compare
with other proposals.

We look forward to your questions and feedback!