From ea1ccb6a31887ab16f4b9cbe0e0eb3dcbf88ea9a Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:04:32 -0400 Subject: [PATCH 1/7] Add README.md (which replaces README.rst) Signed-off-by: Vladimir Diaz --- README.md | 104 ++++++++++++++++++++++++++++++++++++++++++++++++ README.rst | 114 ----------------------------------------------------- 2 files changed, 104 insertions(+), 114 deletions(-) create mode 100644 README.md delete mode 100644 README.rst diff --git a/README.md b/README.md new file mode 100644 index 0000000000..e2fd588b6c --- /dev/null +++ b/README.md 
@@ -0,0 +1,104 @@ +A Framework for Securing Software Update Systems +------------------------------------------------ + +[![Travis-CI](https://travis-ci.org/theupdateframework/tuf.svg?branch=develop)] +(https://travis-ci.org/theupdateframework/tuf) + +[![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)] +(https://coveralls.io/r/theupdateframework/tuf?branch=develop) + + +[![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)] +(https://pyup.io/repos/github/theupdateframework/tuf/) + +[![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)] +(https://pyup.io/repos/github/theupdateframework/tuf/) + +[![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)] +(https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) + +[![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)] +(https://bestpractices.coreinfrastructure.org/projects/1351) + +# TUF + +--------------------------------------------------------------- + +The Update Framework (TUF) helps developers maintain the security of a software +update system, even against attackers that compromise the repository or signing +keys. TUF provides a flexible framework and specification that developers can +adopt into any software update system. + +TUF is hosted by the [Linux Foundation](https://www.linuxfoundation.org/) as +part of the [Cloud Native Computing Foundation](https://www.cncf.io/) (CNCF) +and is used [in production](docs/ADOPTERS.md) by companies such as Docker, +DigitalOcean, Flynn, LEAP, Kolide, Cloudflare, and VMware. A variant of TUF +called [Uptane](https://uptane.github.io/) is widely used to secure +over-the-air updates in automobiles. 
+ + +Documentation +------------- +* [Overview](docs/OVERVIEW.rst) +* [Specification](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md) +* [Getting Started](docs/GETTING_STARTED.rst) +* [Governance](docs/GOVERNANCE.md) and [Maintainers](docs/MAINTAINERS.txt) +* [Miscellaneous Docs](docs/) + + +Contact +------- +Please contact us via our [mailing +list](https://groups.google.com/forum/?fromgroups#!forum/theupdateframework). +Questions, feedback, and suggestions are welcomed on this low volume mailing +list. + +We strive to make the specification easy to implement, so if you come across +any inconsistencies or experience any difficulty, do let us know by sending an +email, or by reporting an issue in the [specification +GitHub repo](https://github.com/theupdateframework/specification/issues). + +Security Issues and Bugs +------------------------ + +Security issues can be reported by emailing jcappos@nyu.edu. + +At a minimum, the report must contain the following: + +* Description of the vulnerability. +* Steps to reproduce the issue. + +Optionally, reports that are emailed can be encrypted with PGP. You should use +PGP key fingerprint **E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A**. + +Please do not use the GitHub issue tracker to submit vulnerability reports. +The issue tracker is intended for bug reports and to make feature requests. +Major feature requests, such as design changes to the specification, should +be proposed via a [TUF Augmentation Proposal](docs/TAP.rst). + +License +------- + +This work is [dual-licensed](https://en.wikipedia.org/wiki/Multi-licensing) and +distributed under the (1) MIT License and (2) Apache License, Version 2.0. +Please see [LICENSE-MIT](LICENSE-MIT) and [LICENSE](LICENSE). + + +Acknowledgements +---------------- + +This project is managed by Prof. 
[Justin +Cappos](https://ssl.engineering.nyu.edu/personalpages/jcappos/) and other +members of the [Secure Systems Lab](https://ssl.engineering.nyu.edu/) at [New +York University](https://engineering.nyu.edu/). +[Contributors](https://github.com/theupdateframework/tuf/blob/develop/docs/AUTHORS.txt) +and +[maintainers](https://github.com/theupdateframework/tuf/blob/develop/docs/MAINTAINERS.txt) +are governed by the [CNCF Community Code of +Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). + +This material is based upon work supported by the National Science Foundation +under Grant Nos. CNS-1345049 and CNS-0959138. Any opinions, findings, and +conclusions or recommendations expressed in this material are those of the +author(s) and do not necessarily reflect the views of the National Science +Foundation. diff --git a/README.rst b/README.rst deleted file mode 100644 index b288042311..0000000000 --- a/README.rst +++ /dev/null 
@@ -1,114 +0,0 @@ -A Framework for Securing Software Update Systems ------------------------------------------------- - -.. image:: https://travis-ci.org/theupdateframework/tuf.svg?branch=develop - :target: https://travis-ci.org/theupdateframework/tuf - :alt: Travis - -.. image:: https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop - :target: https://coveralls.io/r/theupdateframework/tuf?branch=develop - :alt: Coveralls - -.. image:: https://pyup.io/repos/github/theupdateframework/tuf/shield.svg - :target: https://pyup.io/repos/github/theupdateframework/tuf/ - :alt: pyup - -.. image:: https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg - :target: https://pyup.io/repos/github/theupdateframework/tuf/ - :alt: Python 3 - -.. image:: https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield - :target: https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield - :alt: FOSSA - -.. image:: https://bestpractices.coreinfrastructure.org/projects/1351/badge - :target: https://bestpractices.coreinfrastructure.org/projects/1351 - :alt: CII - -.. raw:: html - - - ---------------------------------------------------------------- - -The Update Framework (TUF) helps developers maintain the security of a software -update system, even against attackers that compromise the repository or signing -keys. TUF provides a flexible framework and specification that developers can -adopt into any software update system. - -TUF is hosted by the `Linux Foundation `_ as -part of the `Cloud Native Computing Foundation `_ (CNCF) -and is used `in production `_ by companies such as Docker, -DigitalOcean, Flynn, LEAP, Kolide, Cloudflare, and VMware. A variant of TUF -called `Uptane `_ is widely used to secure -over-the-air updates in automobiles. 
- - -Documentation -------------- -* `Overview `_ -* `Specification `_ -* `Getting Started `_ -* `Governance `_ and `Maintainers `_ -* `Miscellaneous Docs `_ - - -Contact -------- -Please contact us via our `mailing list -`_. -Questions, feedback, and suggestions are welcomed on this low volume mailing -list. - -We strive to make the specification easy to implement, so if you come -across any inconsistencies or experience any difficulty, do let us know by -sending an email, or by reporting an issue in the `specification -repo `_. - -Security Issues and Bugs ------------------------- - -Security issues can be reported by emailing jcappos@nyu.edu. - -At a minimum, the report must contain the following: - -* Description of the vulnerability. -* Steps to reproduce the issue. - -Optionally, reports that are emailed can be encrypted with PGP. You should use -PGP key fingerprint **E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A**. - -Please do not use the GitHub issue tracker to submit vulnerability reports. -The issue tracker is intended for bug reports and to make feature requests. -Major feature requests, such as design changes to the specification, should -be proposed via a `TUF Augmentation Proposal `_. - -License -------- - -This work is `dual-licensed `_ -and distributed under the (1) MIT License and (2) Apache License, Version 2.0. -Please see `LICENSE-MIT `_ and `LICENSE -`_. - - -Acknowledgements ----------------- - -This project is managed by Prof. `Justin Cappos -`_ and other members of -the `Secure Systems Lab `_ at `New York -University `_. `Contributors -`_ and -`maintainers -`_ -are governed by the `CNCF Community Code of Conduct -`_. - -This material is based upon work supported by the National Science Foundation -under Grant Nos. CNS-1345049 and CNS-0959138. Any opinions, findings, and -conclusions or recommendations expressed in this material are those of the -author(s) and do not necessarily reflect the views of the National Science -Foundation. 
From bf07c21b164b6049c791e346d879047d798f6c5f Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:14:26 -0400 Subject: [PATCH 2/7] Edit badge links Signed-off-by: Vladimir Diaz --- README.md | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index e2fd588b6c..7edc7a7264 100644 --- a/README.md +++ b/README.md 
@@ -1,26 +1,20 @@ A Framework for Securing Software Update Systems ------------------------------------------------ -[![Travis-CI](https://travis-ci.org/theupdateframework/tuf.svg?branch=develop)] -(https://travis-ci.org/theupdateframework/tuf) +[![Travis-CI](https://travis-ci.org/theupdateframework/tuf.svg?branch=develop)](https://travis-ci.org/theupdateframework/tuf) -[![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)] -(https://coveralls.io/r/theupdateframework/tuf?branch=develop) +[![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop) -[![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)] -(https://pyup.io/repos/github/theupdateframework/tuf/) +[![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) -[![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)] -(https://pyup.io/repos/github/theupdateframework/tuf/) +[![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) -[![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)] -(https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) +[![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) -[![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)] -(https://bestpractices.coreinfrastructure.org/projects/1351) +[![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) -# TUF +TUF --------------------------------------------------------------- 
@@ -55,8 +49,8 @@ list. We strive to make the specification easy to implement, so if you come across any inconsistencies or experience any difficulty, do let us know by sending an -email, or by reporting an issue in the [specification -GitHub repo](https://github.com/theupdateframework/specification/issues). +email, or by reporting an issue in the [GitHub specification +repo](https://github.com/theupdateframework/specification/issues). Security Issues and Bugs ------------------------ From 4ee8a52b67a1b557c9fe6aacb78eaf11094d9287 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:25:50 -0400 Subject: [PATCH 3/7] Fix logo link Signed-off-by: Vladimir Diaz --- README.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/README.md b/README.md index 7edc7a7264..c8d3ce605e 100644 --- a/README.md +++ b/README.md 
@@ -2,20 +2,13 @@ A Framework for Securing Software Update Systems ------------------------------------------------ [![Travis-CI](https://travis-ci.org/theupdateframework/tuf.svg?branch=develop)](https://travis-ci.org/theupdateframework/tuf) - [![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop) - - [![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) - [![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/) - [![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) - [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) -TUF - +TUF --------------------------------------------------------------- The Update Framework (TUF) helps developers maintain the security of a software From 68568d8b73fb443ad0c337344429db3669ed5229 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:32:49 -0400 Subject: [PATCH 4/7] Minor edit to text and height of logo Signed-off-by: Vladimir Diaz --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c8d3ce605e..8d21078c78 100644 --- a/README.md +++ b/README.md 
@@ -8,8 +8,7 @@ A Framework for Securing Software Update Systems [![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) -TUF ---------------------------------------------------------------- +# TUF The Update Framework (TUF) helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing @@ -42,7 +41,7 @@ list. We strive to make the specification easy to implement, so if you come across any inconsistencies or experience any difficulty, do let us know by sending an -email, or by reporting an issue in the [GitHub specification +email, or by reporting an issue in the GitHub [specification repo](https://github.com/theupdateframework/specification/issues). Security Issues and Bugs @@ -61,7 +60,7 @@ PGP key fingerprint **E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A**. Please do not use the GitHub issue tracker to submit vulnerability reports. The issue tracker is intended for bug reports and to make feature requests. Major feature requests, such as design changes to the specification, should -be proposed via a [TUF Augmentation Proposal](docs/TAP.rst). +be proposed via a [TUF Augmentation Proposal](docs/TAP.rst) (TAP). License ------- From d003275c3a544d22c217e8f8ab49d1294357e738 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:36:39 -0400 Subject: [PATCH 5/7] Use logo that doesn't include text Signed-off-by: Vladimir Diaz --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8d21078c78..9f873155c5 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ A Framework for Securing Software Update Systems [![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield) [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351) -# TUF +# TUF The Update Framework (TUF) helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing From c02e4792094275d1da1e4a477b2a0e3270637ee7 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:49:38 -0400 Subject: [PATCH 6/7] Update virtualenv dependency Signed-off-by: Vladimir Diaz --- dev-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index 59a2cebe75..75c4b7c00c 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -35,5 +35,5 @@ six==1.11.0 smmap2==2.0.3 stevedore==1.28.0 tox==3.0.0 -virtualenv==15.2.0 +virtualenv==16.0.0 wrapt==1.10.11 From 8986e9c77397c627099cd8a7b28ff9a6de3dc9a2 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Thu, 17 May 2018 11:50:11 -0400 Subject: [PATCH 7/7] Replace README.rst with README.md in setup.py Signed-off-by: Vladimir Diaz --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 67a6e6e006..70df01aeb8 100755 --- a/setup.py +++ b/setup.py @@ -75,7 +75,7 @@ from setuptools import find_packages -with open('README.rst') as file_object: +with open('README.md') as file_object: long_description = file_object.read() setup(
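Review bot: In [PATCH 1/7], the hunk that deletes README.rst leaves setup.py still running `with open('README.rst') as file_object:` until [PATCH 7/7] changes it, so every commit from 1/7 through 6/7 carries a setup.py that fails on a missing file. Fold the one-line setup.py change from 7/7 into 1/7 so that each commit in the series installs and the history stays bisectable.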
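Review bot: In [PATCH 1/7], the "Security Issues and Bugs" section of the new README.md gives a PGP fingerprint but no pointer to where the matching public key can be obtained, so a reporter has nothing to compare the fingerprint against. Add a link to the key (a file in the repository or a keyserver entry) next to the fingerprint line. The text is carried over unchanged from README.rst, so this can also be handled as a follow-up; the same applies to routing all reports to a single personal address rather than a role alias.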
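Review bot: In [PATCH 6/7], the dev-requirements.txt hunk moves `virtualenv==15.2.0` to `virtualenv==16.0.0`, a major-version bump, with a commit message that gives no reason, and the change is unrelated to the README conversion in the rest of the series. State in the commit message why the bump is needed and that the test environment was run against it alongside the pinned `tox==3.0.0`, or send it as a separate change. The pins visible in this hunk carry versions only; adding `--hash=sha256:...` entries would let pip's hash-checking mode verify the downloaded files as well.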
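Review bot: In [PATCH 7/7], the setup.py hunk now reads README.md into `long_description`, but nothing in the visible lines tells setuptools that the text is Markdown. Confirm that the `setup(` call passes `long_description_content_type='text/markdown'`; without it the package index treats the description as reStructuredText and the page will not render as intended. The README added in 1/7 also uses repository-relative links such as `docs/OVERVIEW.rst` and `LICENSE-MIT`, which will not resolve outside the repository view; the Acknowledgements section already uses absolute GitHub URLs, and the remaining links could follow that form.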