The Update Framework (TUF) Maintainer Panel: Integrations, Enhancements, and Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Participate in a 40-minute panel discussion featuring maintainers from The Update Framework (TUF) projects, moderated by Andrew Krug from Datadog. Gain insights into new and upcoming TUF integrations and enhancements, exploring how the specification provides compromise-resilient security for software updates and distribution. Learn about TUF implementations in Python, Go, and Rust, used in production by organizations like Datadog, AWS BottleRocket, Google Fuchsia, and Sigstore. Discover the project's current state, its role in improving supply chain security, and behind-the-scenes perspectives on integrations with Sigstore and PyPI. Explore unique challenges surrounding maintenance, vulnerability disclosure, and consumption of an open-source project with multiple implementations. The discussion covers topics such as software repository management, top projects, cross-compatibility, continuous improvement, and future directions for TUF.
Syllabus
Intro
Introductions
Andrew Krug
Software Repository
Top Project
Cross Compatibility
Continuous Improvement
Whats Next
Taught by
CNCF [Cloud Native Computing Foundation]