This project has been merged into Notary as it made little sense for the core functionality and CLI to continue to be split between 2 repositories. The bulk of this code resides under the “tuf” directory within that project. All future work on this TUF implementation will take place there.
This repository provides a library only. The Notary project
from Docker should be considered the official CLI to be used with this implementation of TUF.
[X] Add Targets to existing repo
[X] Sign metadata files
[X] Refactor TufRepo to take care of signing and verification
[ ] Ensure consistent capitalization in naming (TUF___ vs Tuf___)
[X] Make caching of metadata files smarter - PR #5
[ ] Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaults Notary should be the official CLI
[X] Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
[ ] Comprehensive test cases
[ ] Delete files no longer in use
[ ] Fix up errors. Some have to be instantiated, others don’t, the inconsistency is annoying.
[X] Bump version numbers in meta files (could probably be done better)
This implementation was originally forked from flynn/go-tuf,
however in attempting to add delegations I found I was making such
significant changes that I could not maintain backwards compatibility
without the code becoming overly convoluted.
Some features such as pluggable verifiers have alreayd been merged upstream to flynn/go-tuf
and we are in discussion with titanous about working to merge the 2 implementations.
This implementation retains the same 3 Clause BSD license present on
the original flynn implementation.