python-tuf
tufup
| python-tuf | tufup | |
|---|---|---|
| 3 | 2 | |
| 1,586 | 63 | |
| 0.5% | - | |
| 9.3 | 7.9 | |
| 9 days ago | 27 days ago | |
| Python | Python | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
python-tuf
-
PyUpdater is not maintained anymore... even if we integrate Python-TUF in it?
Using Python-TUF, but it's purpose is not to package app, check new version and apply updates and patches, so a non negligible layer of development is needed to achieve the same work as the first choices.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Confusingly named, it’s not a framework, but a specification that developers can follow when implementing their update systems to help users know they can trust the updates they receive. There’s also a Python reference implementation.
-
PyUpdater is no longer maintained. What now? - Tufup: automated updates for stand-alone Python applications.
Hello world! I want to recommend a wonderful open-source package called Tufup. It's a simple software updater for stand-alone Python applications. This package was created as a replacement for PyUpdater, given the fact that PyUpdater has been archived and is no longer maintained. However, whereas PyUpdater implements a custom security mechanism to ensure authenticity (and integrity) of downloaded update files, Tufup is built on top of the security mechanisms implemented in the python-tuf package, a.k.a. TUF (The Update Framework). By entrusting the design of security measures to security professionals, Tufup can focus on high-level tools.
tufup
-
PyUpdater is not maintained anymore... even if we integrate Python-TUF in it?
Using tufup. I read in another post that it lacks security especially because it uses symmetrical encryption. Is it always true?
-
PyUpdater is no longer maintained. What now? - Tufup: automated updates for stand-alone Python applications.
I would like more people to know about Tufup so that it improves even faster, as the developers are actively engaged in improving it. Tufup on Github: https://github.com/dennisvang/tufup Tufup on PyPI: https://pypi.org/project/tufup/
What are some alternatives?
WARP-UNLIMITED-ADVANCED - Get unlimited amount of data in Cloudflare's WARP VPN🔥
PyUpdater - Pyinstaller auto-update library
nUpdate - A comfortable update solution for .NET-applications.
tufup-example - Example of a self-updating application using tufup.
pipupgrade - 🗽 Like yarn outdated/upgrade, but for pip. Upgrade all your pip packages and automate your Python Dependency Management.
kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
RAUDI - A repo to automatically generate and keep updated a series of Docker images through GitHub Actions.
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Kyverno - Kubernetes Native Policy Management
in-toto - in-toto is a framework to protect supply chain integrity.