On 2022/08/02 17:50, George Rosamond wrote:
> in-toto (https://in-toto.io/) is from NYU's Secure Systems Lab
> (https://ssl.engineering.nyu.edu/) and NJIT's Cybersecurity Research Center
> (https://research.njit.edu/cybersecurity/) looking to mitigate 'supply
> chain' issues for package management systems.
>
> from pkg/DESCR:
>
> in-toto provides a framework to protect the integrity of the software
> supply chain. It does so by verifying that each task in the chain
> is carried out as planned, by authorized personnel only, and that
> the product is not tampered with in transit.
>
> Haven't tinkered around with building 'layouts' yet, but thought I would
> submit to ports@ to see if there's any interest.
>
> There's one currently unported RUN_DEPEND security/py-securesystemslib which
> I'll send after this email.
>
> g

Similar issues with tests as py-secure-systems (but simpler as it doesn't
auto-collect any bogus tests).