- Kairo Araujo, VMware, kairoaraujo
- Radoslav Dimitrov, VMware, rdimitrov
- Martin Vrachev, VMware, mvrachev
- Lukas Pühringer, NYU, lukpueh
- Konstantinos Papadopoulos, Channable, KAUTH
The Repository Service for TUF's mission is to make it easier for repositories to integrate the features of The Update Framework (TUF) without requiring TUF expertise or deep changes to the repository service implementation.
The project provides repository signing functionality with a simple REST API for integration into any repository offering. The system's architecture enables scalability for high-traffic repositories.
The project was born out of experience developing changes for Warehouse (PyPI) to deliver PEP 458 and, for the initial roadmap, focuses on providing PEP 458-like repository signing functionality. In future, the Repository Service for TUF will develop to support other TUF architecture patterns including PEP 480-like developer signing and more.
When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF).
- "yes #136"