Monday 11:30 a.m.–noon
When the going gets tough, get TUF going
Ying Li, David Lawrence
- Audience level:
- Novice
- Category:
- Security
Description
The Update Framework (TUF) helps developers secure new or existing software update systems by providing integrity and freshness guarantees over package distribution. Integrate TUF into your deployment pipelines to provide integrity and version guarantees for build and deployment artifacts.
Abstract
The Update Framework (TUF) helps developers secure new or existing software update systems. TUF provides protection against data tampering, rollbacks, and many cases of key compromise. We will discuss how TUF protects against these attacks, and briefly discuss how PEP0458 proposes to integerate TUF into PyPI and pip in order to provide integrity and freshness guarantees from package developers.
Those who want such guarantees for their own applications can use TUF today, however, with a little extra work in such a way as to not conflict with PEP0458's TUF integration. This talk will cover how TUF can be integrated into existing CICD pipelines.
PyCon 2016 in Portland, OR is a production of the 