notary + tuf proposal
This commit is contained in:
David Lawrence
parent
4185b857f3
commit
cc5dce64ae
|
|
@ -0,0 +1,84 @@
|
|||
== Notary & TUF Proposal
|
||||
|
||||
*Name of project:* Notary & TUF
|
||||
|
||||
*Description:*
|
||||
|
||||
The Update Framework (TUF) is a specification designed to solve specifically provenance and trust problems as part of a larger distribution framework.
|
||||
|
||||
Notary is a content signing framework implementing the TUF specification in the Go language. The project provides both a client, and a pair of server applications to host signed metadata and perform limited online signing functions. It is the de facto image signing framework in use by Docker, Quay, VMWare, and others.
|
||||
|
||||
Notary and TUF have been presented at [CNCF TOC meeting 6/20/2017](https://docs.google.com/presentation/d/1MvCZytMQpTgGW4IvJ1cM0hvnIr8IowH7hFaeXJZ6cp4/edit#slide=id.g2309ce468a_22_0)
|
||||
|
||||
*Sponsor / Advisor from TOC:* Solomon Hykes
|
||||
|
||||
*Preferred maturity level:* incubating
|
||||
|
||||
*Unique identifier:*
|
||||
|
||||
* Notary: notary
|
||||
* The Update Framework: tuf
|
||||
|
||||
*License:*
|
||||
|
||||
* Notary: Apache 2.0
|
||||
* TUF: MIT
|
||||
|
||||
*Source control repositories:*
|
||||
|
||||
* https://github.com/docker/notary
|
||||
* https://github.com/theupdateframework/tuf
|
||||
* https://github.com/theupdateframework/taps
|
||||
|
||||
*Initial Committers:*
|
||||
|
||||
* https://github.com/docker/notary/blob/master/MAINTAINERS
|
||||
* https://github.com/theupdateframework/tuf/blob/develop/AUTHORS.txt
|
||||
|
||||
*Infrastructure requirements (CI / CNCF Cluster):*
|
||||
|
||||
* CircleCI
|
||||
* CodeCov
|
||||
* Travis CI
|
||||
|
||||
*Issue tracker:*
|
||||
|
||||
* https://github.com/docker/notary/issues
|
||||
* https://github.com/theupdateframework/tuf/issues
|
||||
|
||||
*Mailing lists:*
|
||||
|
||||
* Slack: https://dockercommunity.slack.com/messages/notary
|
||||
* Google Groups: https://groups.google.com/forum/#!forum/theupdateframework
|
||||
|
||||
*Website:*
|
||||
|
||||
* TUF: https://theupdateframework.github.io/
|
||||
|
||||
*Release methodology and mechanics:*
|
||||
|
||||
* Feature based releases
|
||||
|
||||
*Social media accounts:* None
|
||||
|
||||
*Existing sponsorship:* Docker for Notary, National Science Foundation and NYU for TUF
|
||||
|
||||
*Contributor statistics:*
|
||||
|
||||
The notary community is growing slowly with a very small but active base and a larger group of occasional contributors. Maintainers are from Docker, CoreOS and Huawei.
|
||||
|
||||
TUF maintainers from NYU and CoreOS.
|
||||
|
||||
*Adopters:* Docker, Quay, Huawei, Motorola Solutions, VMWare
|
||||
|
||||
*External Dependencies:*
|
||||
|
||||
* https://github.com/docker/notary/blob/master/vendor.conf
|
||||
* Protobuf
|
||||
* GRPC
|
||||
* MySQL/PostgreSQL/rethinkDB
|
||||
* https://github.com/yubico/yubico-piv-tool
|
||||
|
||||
*Statement on alignment with CNCF mission:*
|
||||
|
||||
Notary is the most secure and widely adopted implementation of The Update Framework to date, and represents a critical security building block for ensuring the provenance and integrity of data in the field of cloud-native computing. As an implementer of The Update Framework it can provide its guarantees over any arbitrary digital content, making it ultimately flexible to any use case requiring security guarantees against attacks up to and including nation state level.
|
||||
Loading…
Reference in New Issue