1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
Source: gittuf
Section: vcs
Priority: optional
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Uploaders:
Simon Josefsson <simon@josefsson.org>,
Build-Depends:
debhelper-compat (= 13),
dh-sequence-golang,
git <!nocheck>,
golang-any,
golang-github-charmbracelet-bubbles-dev,
golang-github-charmbracelet-bubbletea-dev,
golang-github-charmbracelet-lipgloss-dev,
golang-github-danwakefield-fnmatch-dev,
golang-github-go-git-go-git-dev,
golang-github-google-go-github-dev,
golang-github-hiddeco-sshsig-dev,
golang-github-in-toto-attestation-dev,
golang-github-jonboulle-clockwork-dev,
golang-github-protonmail-go-crypto-dev,
golang-github-secure-systems-lab-go-securesystemslib-dev,
golang-github-sigstore-cosign-dev,
golang-github-sigstore-gitsign-dev,
golang-github-sigstore-protobuf-specs-dev,
golang-github-sigstore-sigstore-dev,
golang-github-sigstore-sigstore-go-dev (>> 0.7.0~),
golang-github-spf13-cobra-dev,
golang-github-stretchr-testify-dev,
golang-github-yuin-gopher-lua-dev,
golang-golang-x-crypto-dev,
golang-google-protobuf-dev,
help2man <!nodoc>,
openssh-client,
Testsuite: autopkgtest-pkg-go
Standards-Version: 4.7.2
Vcs-Browser: https://salsa.debian.org/go-team/packages/gittuf
Vcs-Git: https://salsa.debian.org/go-team/packages/gittuf.git
Homepage: https://github.com/gittuf/gittuf
XS-Go-Import-Path: github.com/gittuf/gittuf
Package: gittuf
Architecture: any
Depends:
${misc:Depends},
${shlibs:Depends},
Built-Using:
${misc:Built-Using},
Static-Built-Using:
${misc:Static-Built-Using},
Description: security layer for Git repositories (program)
gittuf is a security layer for Git repositories. With gittuf, any
developer who can pull from a Git repository can independently verify
that the repository's security policies were followed. gittuf's policy,
inspired by The Update Framework (TUF) (https://theupdateframework.io/),
handles key management for all trusted developers in a repository,
allows for setting permissions for repository branches, tags, files,
etc., protects against other attacks
(https://ssl.engineering.nyu.edu/papers/torres_toto_usenixsec-2016.pdf)
Git is vulnerable to, and more — all while being backwards compatible
with forges such as GitHub and GitLab.
.
gittuf is currently in alpha. gittuf's metadata may have breaking
changes, meaning a repository's gittuf policy may have to be
reinitialized from time to time. As such, gittuf is currently not
intended to be the primary mechanism for enforcing a repository's
security.
.
That said, we're actively seeking feedback from users. Take a look at
the get started guide (/docs/get-started.md) to learn how to install and
try gittuf out!
.
This package contains the command-line gittuf tool.
Package: golang-github-gittuf-gittuf-dev
Section: golang
Architecture: all
Multi-Arch: foreign
Depends:
golang-github-charmbracelet-bubbles-dev,
golang-github-charmbracelet-bubbletea-dev,
golang-github-charmbracelet-lipgloss-dev,
golang-github-danwakefield-fnmatch-dev,
golang-github-go-git-go-git-dev,
golang-github-google-go-github-dev,
golang-github-hiddeco-sshsig-dev,
golang-github-in-toto-attestation-dev,
golang-github-jonboulle-clockwork-dev,
golang-github-protonmail-go-crypto-dev,
golang-github-secure-systems-lab-go-securesystemslib-dev,
golang-github-sigstore-cosign-dev,
golang-github-sigstore-gitsign-dev,
golang-github-sigstore-protobuf-specs-dev,
golang-github-sigstore-sigstore-dev,
golang-github-sigstore-sigstore-go-dev (>> 0.7.0~),
golang-github-spf13-cobra-dev,
golang-github-stretchr-testify-dev,
golang-github-yuin-gopher-lua-dev,
golang-golang-x-crypto-dev,
golang-google-protobuf-dev,
${misc:Depends},
Description: security layer for Git repositories (Go library)
gittuf is a security layer for Git repositories.
.
This package contains the Go development library.
|
