Source: golang-github-theupdateframework-go-tuf Maintainer: Debian Go Packaging Team Uploaders: Reinhard Tartler , Simon Josefsson , Section: golang Testsuite: autopkgtest-pkg-go Build-Depends: debhelper-compat (= 13), dh-sequence-golang, golang-any, golang-github-cenkalti-backoff-dev, golang-github-docopt-docopt-go-dev, golang-github-go-logr-stdr-dev, golang-github-secure-systems-lab-go-securesystemslib-dev, golang-github-sigstore-sigstore-dev, golang-github-spf13-cobra-dev, golang-github-stretchr-testify-dev, Standards-Version: 4.7.3 Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-theupdateframework-go-tuf Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-theupdateframework-go-tuf.git Homepage: https://github.com/theupdateframework/go-tuf XS-Go-Import-Path: github.com/theupdateframework/go-tuf Package: golang-github-theupdateframework-go-tuf-dev Architecture: all Multi-Arch: foreign Depends: golang-github-cenkalti-backoff-dev, golang-github-docopt-docopt-go-dev, golang-github-go-logr-stdr-dev, golang-github-secure-systems-lab-go-securesystemslib-dev, golang-github-sigstore-sigstore-dev, golang-github-spf13-cobra-dev, golang-github-stretchr-testify-dev, ${misc:Depends}, Description: Securing software in golang (library) The Update Framework (TUF) helps developers maintain the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system. Package: go-tuf Section: devel Architecture: any Depends: ${misc:Depends}, ${shlibs:Depends}, Static-Built-Using: ${misc:Static-Built-Using} Description: framework for Securing Software Update Systems (program) The Update Framework (TUF) (https://theupdateframework.io/) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks and provides resilience to compromise. . The Update Framework (TUF) design helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible specification (https://github.com/theupdateframework/specification/blob/master/tuf- spec.md) defining functionality that developers can use in any software update system or re-implement to fit their needs. . The go-tuf v2 project provides a lightweight library with the following functionality: . * creation, reading, and writing of TUF metadata * an easy object-oriented approach for interacting with TUF metadata * consistent snapshots * signing and verifying TUF metadata * ED25519, RSA, and ECDSA key types referenced by the latest TUF specification * top-level role delegation * target delegation via standard and hash bin delegations * support of succinct hash bin delegations (https://github. com/theupdateframework/taps/blob/master/tap15.md) which significantly reduce the size of the TUF metadata * support for unrecognized fields within the metadata (i.e. preserved and accessible through root.Signed.UnrecognizedFields["some-unknown- field"], also used for verifying/signing (if included in the Signed portion of the metadata)) * TUF client API * TUF multi-repository client API (implements TAP 4 - Multiple repository consensus on entrusted targets (https://github. com/theupdateframework/taps/blob/master/tap4.md)) . This package contains the command-line tool 'tuf-client'.