[guardian-dev] TUF and gitian
Miron
c1.android at niftybox.net
Fri Aug 10 14:11:02 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/08/12 08:13, Abel Luck wrote:
> Miron,
>
> You've likely seen the links to TUF [1] over the past week or so.
>
> Could you comment on its functional relationship to gitian?
>
> It seems like we could use gitian to produce secure builds, and
> then TUF to deploy those updates.
>
> This wouldn't work for Google Play of course, rather I'm thinking
> about the Bazaar project.
>
> ~abel
>
Yes, the projects definitely seem synergistic. It makes sense for
Gitian to focus on the secure/deterministic build side and have TUF
handle the update mechanism.
A couple of downloader features missing from TUF is the ability to
assign weights to different builders and the ability to quarantine an
update for a period of time.
Will contact the TUF people about working together.
- --
- --
Miron
http://hyper.to/blog/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFQJU62/VxauoqzwoERAk4GAKD3+gIPx9F6g+GD0j7sMP7EvCMVQwCfcI8v
AsL0ZbAS9/YhvEAs6vfaTyc=
=/LlM
-----END PGP SIGNATURE-----
More information about the Guardian-dev
mailing list