meejah: > carlo von lynX <l...@time.to.get.psyced.org> writes: > >> The README sounds good, but it being implemented in python adds quite >> a heavy additional dependency. > > My understanding is that TUF is two things: a spec, and a reference > implementation (in Python). I'm sure other implementations would be > welcome -- and, e.g., Docker Notary is such an implementation (in Go) as > I understand it.
I've read up on TUF for F-Droid. Its a good discussion of the issues, but the TUF software itself is only really applicable in a narrow range of situations. For example, its in Python, so that's a no-go for Android or iOS, and somewhat difficult on Windows. I've always treated TUF as a nice overview of the issues. F-Droid has long implemented most of it, and now we are implementing the remaining key bits, and a couple of parts just seem like vastly too much effort in the short or medium term, versus the actual risk. .hc -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev