repository_service_for_tuf_sandbox_stage.md

Application for creating a new project at Sandbox stage

List of project maintainers

• Kairo Araujo, VMware, kairoaraujo
• Radoslav Dimitrov, VMware, rdimitrov
• Martin Vrachev, VMware, mvrachev
• Lukas Pühringer, NYU, lukpueh
• Konstantinos Papadopoulos, Channable, KAUTH

Mission of the project

The Repository Service for TUF's mission is to make it easier for repositories to integrate the features of The Update Framework (TUF) without requiring TUF expertise or deep changes to the repository service implementation.

The project provides repository signing functionality with a simple REST API for integration into any repository offering. The system's architecture enables scalability for high-traffic repositories.

The project was born out of experience developing changes for Warehouse (PyPI) to deliver PEP 458 and, for the initial roadmap, focuses on providing PEP 458-like repository signing functionality. In future, the Repository Service for TUF will develop to support other TUF architecture patterns including PEP 480-like developer signing and more.

IP policy and licensing due diligence

When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF).

• "yes #136"

Project References

Reference	URL
Repo	https://github.com/vmware/repository-service-tuf https://github.com/vmware/repository-service-tuf-api https://github.com/vmware/repository-service-tuf-cli https://github.com/vmware/repository-service-tuf-worker
Website	https://repository-service-tuf.readthedocs.io/en/latest/
Contributing guide	https://repository-service-tuf.readthedocs.io/en/latest/devel/contributing.html
Roadmap	https://repository-service-tuf.readthedocs.io/en/latest/devel/release.html#roadmap
Demos	https://www.youtube.com/watch?v=YFxgbTPYyZE https://youtu.be/IXEJpJ50Aj4?list=PLVl2hFL_zAh_VfsvGMCrkPSS1z2VFFy-r&t=276