This project has been merged into Notary as it made little sense for the core functionality and CLI to continue to be split between 2 repositories. The bulk of this code resides under the "tuf" directory within that project. All future work on this TUF implementation will take place there.
This is still a work in progress but will shortly be a fully compliant Go implementation of The Update Framework (TUF).
This repository provides a library only. The Notary project from Docker should be considered the official CLI to be used with this implementation of TUF.
- Add Targets to existing repo
- Sign metadata files
- Refactor TufRepo to take care of signing
and verification - Ensure consistent capitalization in naming (TUF___ vs Tuf___)
- Make caching of metadata files smarter - PR #5
-
Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaultsNotary should be the official CLI - Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
- Comprehensive test cases
- Delete files no longer in use
- Fix up errors. Some have to be instantiated, others don't, the inconsistency is annoying.
- Bump version numbers in meta files (could probably be done better)
This implementation was originally forked from flynn/go-tuf, however in attempting to add delegations I found I was making such significant changes that I could not maintain backwards compatibility without the code becoming overly convoluted.
Some features such as pluggable verifiers have alreayd been merged upstream to flynn/go-tuf and we are in discussion with titanous about working to merge the 2 implementations.
This implementation retains the same 3 Clause BSD license present on the original flynn implementation.