Python reference implementation of The Update Framework (TUF)
dachshund 8a38a1897c Update README to look better on GitHub. Read on for more on 9ff22ddd4e.
About 9ff22ddd4e: I was teaching a class of students about using GitHub,
and wanted to show that cloning a Git repository off an HTTPS url would
not give the cloner write permissions. Unfortunately, I had cloned off
the SSH url and was able to push my example modifications without
failure.
2013-09-08 12:11:40 -04:00
docs Update tuf-spec.txt and implement "lazy bin walk" 2013-08-09 08:29:57 -04:00
evpy Fix several naming and scope errors. 2013-06-25 18:44:34 -04:00
tuf Review Zane's unit test fixes and resolve merge conflicts 2013-08-30 14:58:41 -04:00
.gitignore Guess content type of downloaded file. 2013-03-01 02:32:00 -05:00
AUTHORS.txt Move all files up one directory from 'src/'. 2013-02-10 21:38:06 -05:00
find-code.sh Bash script to easily grep code over files. 2013-02-24 16:23:45 -05:00
LICENSE.txt Move all files up one directory from 'src/'. 2013-02-10 21:38:06 -05:00
README.md Update README to look better on GitHub. Read on for more on 9ff22ddd4e. 2013-09-08 12:11:40 -04:00
setup.py Revert "Check out my cool code." 2013-09-03 18:11:48 -04:00

A Framework for Securing Software Update Systems

TUF (The Update Framework) helps developers secure their new or existing software update systems. Software update systems are vulnerable to many known attacks, including those that can result in clients being compromised or crashed. TUF helps solve this problem by providing a flexible security framework that can be added to software updaters.

What Is a Software Update System?

Generally, a software update system is an application (or part of an application) running on a client system that obtains and installs software. This can include updates to software that is already installed or even completely new software.

Three major classes of software update systems are:

  • Application Updaters - which are used by applications to update themselves. For example, Firefox updates itself through its own application updater.

  • Library Package Managers - such as those offered by many programming languages for installing additional libraries. These are systems such as Python's pip/easy_install + PyPI, Perl's CPAN, Ruby's Gems, and PHP's PEAR.

  • System Package Managers - used by operating systems to update and install all of the software on a client system. Debian's APT, Red Hat's YUM, and openSUSE's YaST are examples of these.

Our Approach

There are literally thousands of different software update systems in common use today. (In fact, the average Windows user has about two dozen different software updaters on their machine!)

We are building a library that can be universally (and in most cases transparently) used to secure software update systems.