On 2022/08/02 17:50, George Rosamond wrote:
> in-toto (https://in-toto.io/) is from NYU's Secure Systems Lab
> (https://ssl.engineering.nyu.edu/) and NJIT's Cybersecurity Research Center
> (https://research.njit.edu/cybersecurity/) looking to mitigate 'supply
> chain' issues for package management systems.
>
> from pkg/DESCR:
>
> in-toto provides a framework to protect the integrity of the software
> supply chain. It does so by verifying that each task in the chain
> is carried out as planned, by authorized personnel only, and that
> the product is not tampered with in transit.
>
> Haven't tinkered around with building 'layouts' yet, but thought I would
> submit to ports@ to see if there's any interest.
>
> There's one currently unported RUN_DEPEND security/py-securesystemslib which
> I'll send after this email.
>
> g

Similar issues with tests as py-secure-systems (but simpler as it doesn't auto-collect any bogus tests)
py-in-toto.tgz
Description: application/tar-gz
