[Distutils] Automation for creating, updating and destroying a TUF-secured PyPI mirror
Trishank Karthik Kuppusamy
tk47 at students.poly.edu
Mon Apr 1 23:40:22 CEST 2013
Hello PyPI,
Hope attendees had a great time at PyCon 2013! We certainly enjoyed
presenting to you our lightning talk on securing PyPI with TUF
(https://www.youtube.com/watch?v=2sx1lS6cT3g).
Since then, we have been busy improving TUF and implementing machinery
to automatically secure PyPI with TUF:
https://github.com/dachshund/pypi.updateframework.com
You may also have noticed that the root metadata for our prototype
mirror of PyPI+TUF expired yesterday. This aligns nicely with our plan
for switching our hand-maintained PyPI+TUF mirror with the automatic
one. We expect to have it ready very soon, and until then, we certainly
welcome your first impressions on our automation. You could try it on
your machine right away!
Finally, we are working continuously on improving TUF, especially on
ensuring that the metadata scales with data. We welcome your feedback on
these issues and more (https://github.com/akonst/tuf/issues?state=open).
-Trishank
More information about the Distutils-SIG
mailing list