Python reference implementation of The Update Framework (TUF)
This release is a small API change for Metadata API users (see below). ngclient API is compatible but optional DSSE support has been added.
Root.get_verification_result()
and Targets.get_verification_result()
specifically)Root.get_root_verification_result()
has been added to handle the special
case of root verificationThis is a security fix release to address advisory GHSA-77hh-43cm-v8j6. The issue does not affect tuf.ngclient
users, but could affect tuf.api.metadata
users.
See CHANGELOG.md for details.
See CHANGELOG.md for details.
See CHANGELOG.md for details.
See CHANGELOG.md for details.
See CHANGELOG.md for details.
This release makes ngclient and the Metadata API the supported python-tuf APIs.
It also removes the legacy implementation as documented in the 1.0.0 announcement:
all library code is now contained in tuf.api
or tuf.ngclient
.
See Python-TUF reaches version 1.0.0 for a blog post about this release.
NOTE: This will be the final release of python-tuf that includes the legacy implementation code. Please see the 1.0.0 announcement page for more details about the next release and the deprecation of the legacy implementation, including migration instructions.
For users of legacy client (tuf.client module) this is purely a security fix release with no API or functionality changes. For ngclient (tuf.ngclient) and Metadata API (tuf.api.metadata), some API changes are included.
All users are advised to upgrade.
Note that python-tuf has required python>=3.5 since release 0.18.0.