[Distutils] The software update framework

Nick Coghlan ncoghlan at gmail.com
Tue Oct 24 08:56:44 EDT 2017

On 24 October 2017 at 20:34, Thomas Güttler <guettliml at thomas-guettler.de>

> I stumbled over this page: https://theupdateframework.github.io/
For folks that haven't read them before, note that TUF is also the basis
for the SSL/TLS independent package signing proposals in PEPs 458 & 480:

* https://www.python.org/dev/peps/pep-0458/ (PyPI -> end user signing)
* https://www.python.org/dev/peps/pep-0480/ (publisher -> end user signing)

Actually pursuing that idea is contingent on our being comfortable that the
related key management activities will be on a sustainable footing, though:


P.S. TUF is in the news a bit this week, as both it and the related content
signing project, Notary, were just accepted as community projects hosted by
the Cloud Native Computing Foundation:

Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20171024/8857f0c2/attachment.html>

More information about the Distutils-SIG mailing list