|
| 1 | +--- |
| 2 | + |
| 3 | +layout: article |
| 4 | +title: "Python-TUF reaches version 1.0.0" |
| 5 | +subnav: blog |
| 6 | +comments: true |
| 7 | +tagline: "The Python-TUF community is proud to announce the release of Python-TUF 1.0.0" |
| 8 | +author: "<a href='https://blogs.vmware.com/opensource/author/jussi-kukkonen/'> Jussi Kukkonen</a> and <a href='/people#lukas_p%C3%BChringer'>Lukas Pühringer</a>" |
| 9 | +categories: |
| 10 | + - "<a href='/projects#tuf'>TUF</a>" |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +<img align="left" src="/img/blog/tuf-icon.png" width="200"/> |
| 15 | + |
| 16 | +The Python-TUF community is proud to announce the release of Python-TUF 1.0.0. |
| 17 | +The release, which is available on [PyPI](https://pypi.org/project/tuf/) and |
| 18 | +[GitHub](https://github.com/theupdateframework/python-tuf/), introduces new |
| 19 | +stable and more ergonomic APIs. |
| 20 | + |
| 21 | +Python-TUF is the reference implementation of [The Update |
| 22 | +Framework](https://theupdateframework.io/) specification, an open source |
| 23 | +framework for securing content delivery and updates. It protects against |
| 24 | +various types of supply chain attacks and provides resilience to compromise. |
| 25 | + |
| 26 | +For the past 7 releases the project has introduced new designs and |
| 27 | +implementations, which have gradually formed two new stable APIs: |
| 28 | +- [`ngclient`](https://theupdateframework.readthedocs.io/en/latest/api/tuf.ngclient.html): |
| 29 | + A client API that offers a robust internal design providing implementation |
| 30 | + safety and flexibility to application developers. |
| 31 | +- [`Metadata API`](https://theupdateframework.readthedocs.io/en/latest/api/tuf.api.html): |
| 32 | + A low-level interface for both consuming and creating TUF metadata. Metadata |
| 33 | + API is a flexible and easy-to-use building block for any higher level tool or |
| 34 | + library. |
| 35 | + |
| 36 | +Python-TUF 1.0.0 is the result of a comprehensive rewrite of the project, |
| 37 | +removing several hard to maintain modules and replacing them with safer and |
| 38 | +easier to use APIs: |
| 39 | +- The project was reduced from 4700 lines of hard to maintain code to 1400 |
| 40 | + lines of modern, maintainable code |
| 41 | +- The implementation details are now easier to reason about, which should |
| 42 | + accelerate future improvements on the project |
| 43 | +- Metadata API provides a solid base to build other tools on top of – as proven |
| 44 | + by the ngclient implementation and the [repository code |
| 45 | + examples](https://github.com/theupdateframework/python-tuf/tree/develop/examples/repo_example) |
| 46 | +- Both new APIs are highly extensible and allow application developers to |
| 47 | + include custom network stacks, file storage systems or public-key |
| 48 | + cryptography algorithms, while providing easy-to-use default implementations |
| 49 | + |
| 50 | +With this foundation laid, Python-TUF developers are currently planning next |
| 51 | +steps. At the very least, you can expect improved repository side tooling, but |
| 52 | +we're also open to new ideas. Pop in to |
| 53 | +[#tuf](https://cloud-native.slack.com/archives/C8NMD3QJ3) on CNCF Slack or |
| 54 | +[Github issues](https://github.com/theupdateframework/python-tuf/issues/new) |
| 55 | +and let’s talk. |
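Review bot: The links on lines 28, 31 and 44 of the new file point at moving targets (`/en/latest/` on Read the Docs and `tree/develop/examples/repo_example` on GitHub), so a post announcing 1.0.0 will over time describe whatever the APIs and examples look like later rather than what was released. Consider linking to the documentation and source tree of the 1.0.0 release instead. Smaller points: the `<img>` on line 14 has no `alt` attribute, the author link text on line 8 starts with a stray space (`'> Jussi Kukkonen`), the empty line 2 sits inside the front matter between the opening `---` and `layout:`, and line 54 spells "Github" where line 18 uses "GitHub".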