Hello everyone,

I am pleased to announce our demonstration of PyPI and pip with TUF.

Firstly, we solicit your thoughts and comments on our design document for integrating PyPI with TUF:

https://docs.google.com/document/d/1sHMhgrGXNCvBZdmjVJzuoN5uMaUAUDWBmn3jo7vxjjw/edit?usp=sharing

Secondly, you may wish to test our demo of PyPI and pip with TUF:

https://github.com/dachshund/pip/wiki/pip-over-TUF

Thirdly, this is how little it takes to secure pip with TUF:

https://github.com/dachshund/pip/compare/develop...tuf

Finally, you may be interested to learn about how one might manually secure a PyPI package index with TUF:

https://github.com/dachshund/pip/wiki/PyPI-over-TUF

We are excited to be able to show this to you now, and in person at our lightning talk at PyCon this Friday.

We think that there is great potential for the PyPI and TUF community to work together to secure Python package management. This is just the beginning, and there is some work left to do, but we are confident that we have demonstrated to you that PyPI could be secured with TUF in the very near future. We would be happy to discuss with you how we compare with other proposals.

We look forward to your questions and feedback!

Thanks,
Trishank

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
