Source: gittuf Section: vcs Priority: optional Maintainer: Debian Go Packaging Team Uploaders: Simon Josefsson , Rules-Requires-Root: no Build-Depends: debhelper-compat (= 13), dh-sequence-golang, git , golang-any, golang-github-danwakefield-fnmatch-dev, golang-github-github-smimesign-dev, golang-github-go-git-go-git-dev, golang-github-google-go-github-dev, golang-github-hiddeco-sshsig-dev, golang-github-in-toto-attestation-dev, golang-github-jonboulle-clockwork-dev, golang-github-protonmail-go-crypto-dev, golang-github-secure-systems-lab-go-securesystemslib-dev (>> 0.9.0~), golang-github-sigstore-cosign-dev, golang-github-sigstore-gitsign-dev, golang-github-sigstore-protobuf-specs-dev, golang-github-sigstore-sigstore-dev, golang-github-sigstore-sigstore-go-dev, golang-github-spf13-cobra-dev, golang-github-stretchr-testify-dev, golang-golang-x-crypto-dev, golang-google-protobuf-dev, openssh-client , Testsuite: autopkgtest-pkg-go Standards-Version: 4.7.0 Vcs-Browser: https://salsa.debian.org/go-team/packages/gittuf Vcs-Git: https://salsa.debian.org/go-team/packages/gittuf.git Homepage: https://github.com/gittuf/gittuf XS-Go-Import-Path: github.com/gittuf/gittuf Package: gittuf Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, Built-Using: ${misc:Built-Using}, Description: security layer for Git repositories (program) gittuf is a security layer for Git repositories. With gittuf, any developer who can pull from a Git repository can independently verify that the repository's security policies were followed. gittuf's policy, inspired by The Update Framework (TUF) (https://theupdateframework.io/), handles key management for all trusted developers in a repository, allows for setting permissions for repository branches, tags, files, etc., protects against other attacks (https://ssl.engineering.nyu.edu/papers/torres_toto_usenixsec-2016.pdf) Git is vulnerable to, and more — all while being backwards compatible with forges such as GitHub and GitLab. . gittuf is currently in alpha. gittuf's metadata may have breaking changes, meaning a repository's gittuf policy may have to be reinitialized from time to time. As such, gittuf is currently not intended to be the primary mechanism for enforcing a repository's security. . That said, we're actively seeking feedback from users. Take a look at the get started guide (/docs/get-started.md) to learn how to install and try gittuf out! . This package contains the command-line gittuf tool. Package: golang-github-gittuf-gittuf-dev Section: golang Architecture: all Multi-Arch: foreign Depends: ${misc:Depends}, Description: security layer for Git repositories (Go library) gittuf is a security layer for Git repositories. . This package contains the Go development library.