7d5fe5e5ab
* Adding CODEOWNERS and MAINTAINERS files Signed-off-by: Toddy Mladenov <toddysm@gmail.com> * Updated org maintainers Signed-off-by: Toddy Mladenov <toddysm@gmail.com> --------- Signed-off-by: Toddy Mladenov <toddysm@gmail.com> |
||
|---|---|---|
| .github/workflows | ||
| cmd/tuf-notary | ||
| demo | ||
| docs | ||
| test/tuf-repo/staged | ||
| .gitignore | ||
| CODEOWNERS | ||
| MAINTAINERS | ||
| Makefile | ||
| README.md | ||
| cli.md | ||
| go.mod | ||
| go.sum | ||
| registry-access.go | ||
| registry-access_test.go | ||
| tuf-repository.go | ||
README.md
TUF
This repository is not in active maintenance. Please see the Notary Project README file to learn about overall Notary Project.
TUF is a project to implement the full TUF specification in a registry native way. This may require upstream TUF spec changes or extensions, as there are some differences between the registry model and common usage to other TUF use cases. This project will use existing registry extensions where available but may need its own document types in addition.
The notary TUF-based implementation ran as an additional service on a registry, so was not available everywhere and did not create native registry artifacts. In turn this meant that moving signatures between registries was not supported. The notary TUF-based implementation also made some changes to the TUF security model, like defaulting to TOFU, which in retrospect were not a good model in a world of ephemeral cloud native hosts. It did not get widespread adoption due to these reasons and others. This project aims to build a version suitable for widespread adoption that resolves these issues.