1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
Source: apt-transport-in-toto
Section: utils
Priority: optional
Maintainer: in-toto developers <in-toto-dev@googlegroups.com>
Uploaders:
Santiago Torres-Arias <santiago@nyu.edu>,
Lukas Puehringer <lukas.puehringer@nyu.edu>,
Holger Levsen <holger@debian.org>,
Vagrant Cascadian <vagrant@debian.org>,
Justin Cappos <jcappos@nyu.edu>,
Frédéric Pierret <frederic.pierret@qubes-os.org>,
Build-Depends:
debhelper-compat (= 13),
dh-python,
dh-exec,
python3-all,
python3-requests,
python3-mock,
python3-coverage,
in-toto (>= 1.0.0),
gnupg2,
Standards-Version: 4.6.2
Rules-Requires-Root: no
Homepage: https://in-toto.io
Vcs-Git: https://github.com/in-toto/apt-transport-in-toto.git -b debian
Vcs-Browser: https://github.com/in-toto/apt-transport-in-toto
Package: apt-transport-in-toto
Architecture: all
Depends:
${misc:Depends},
python3,
python3-requests,
python3-securesystemslib,
in-toto (>= 1.0.0),
gnupg2,
Description: apt transport method for in-toto supply chain verification
apt-transport-in-toto provides a custom transport method for apt that fetches
and verifies signed build information from autonomous rebuilders upon package
installation.
.
It uses the supply chain security framework in-toto for its verification
protocol, to i.a. define trust relationships and exchange and verify build
information.
.
apt-transport-in-toto is developed at the Secure Systems Lab of NYU.
|
