mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
There may be ways to unsafely use the client library but situation
should be significantly better now with ngclient:
* metadata writing is safer, more atomic
* non-root cached metadata is never trusted (so inconsistent
cached repository is not a security issue)
* the cache locations are now clearly application
decisions (they are required Updater constructor args)
Move the notice to Updater module documentation.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
|
||
|---|---|---|
| .. | ||
| _internal | ||
| __init__.py | ||
| config.py | ||
| fetcher.py | ||
| README.md | ||
| updater.py | ||
Next-gen TUF client for Python
This package provides modules for TUF client implementers.
tuf.ngclient.Updater is a class that implements the client workflow described in the TUF specification (see https://theupdateframework.github.io/specification/latest/#detailed-client-workflow)
tuf.ngclient.FetcherInterface is an abstract class that client implementers can implement a concrete class of in order to reuse their own networking/download libraries -- a Requests-based implementation is used by default.
This package:
- Aims to be a clean, easy-to-validate reference client implementation written in modern Python
- At the same time aims to be the library of choice for anyone implementing a TUF client in Python: light-weight, easy to integrate and with minimal required dependencies
- Is still under development but is planned to become the default client
in this implementation (i.e., the older
tuf.clientwill be deprecated in the future)