Tuesday, August 02, 2022

[NEW] security/py-in-toto

in-toto (https://in-toto.io/) is from NYU's Secure Systems Lab
(https://ssl.engineering.nyu.edu/) and NJIT's Cybersecurity Research
Center (https://research.njit.edu/cybersecurity/) looking to mitigate
'supply chain' issues for package management systems.

from pkg/DESCR:

in-toto provides a framework to protect the integrity of the software
supply chain. It does so by verifying that each task in the chain
is carried out as planned, by authorized personnel only, and that
the product is not tampered with in transit.

Haven't tinkered around with building 'layouts' yet, but thought I would
submit to ports@ to see if there's any interest.

There's one currently unported RUN_DEPEND security/py-securesystemslib
which I'll send after this email.

g
