mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
37 lines
1.6 KiB
Markdown
37 lines
1.6 KiB
Markdown
## A Framework for Securing Software Update Systems
|
|
|
|
TUF (The Update Framework) helps developers secure their new or existing
|
|
software update systems. Software update systems are vulnerable to many known
|
|
attacks, including those that can result in clients being compromised or
|
|
crashed. TUF helps solve this problem by providing a flexible security
|
|
framework that can be added to software updaters.
|
|
|
|
## What Is a Software Update System?
|
|
|
|
Generally, a software update system is an application (or part of an
|
|
application) running on a client system that obtains and installs software.
|
|
This can include updates to software that is already installed or even
|
|
completely new software.
|
|
|
|
Three major classes of software update systems are:
|
|
|
|
* Application Updaters - which are used by applications use to update
|
|
themselves. For example, Firefox updates itself through its own application
|
|
updater.
|
|
|
|
* Library Package Managers - such as those offered by many programming
|
|
languages for installing additional libraries. These are systems such as
|
|
Python's pip/easy_install + PyPI, Perl's CPAN, Ruby's Gems, and PHP's PEAR.
|
|
|
|
* System Package Managers - used by operating systems to update and install all
|
|
of the software on a client system. Debian's APT, Red Hat's YUM, and openSUSE's
|
|
YaST are examples of these.
|
|
|
|
## Our Approach
|
|
|
|
There are literally thousands of different software update systems in common
|
|
use today. (In fact the average Windows user has about two dozen different
|
|
software updaters on their machine!)
|
|
|
|
We are building a library that can be universally (and in most cases
|
|
transparently) used to secure software update systems.
|