Bug#931026: RFS: apt-transport-in-toto/0.1.0 [ITP]

To: submit@bugs.debian.org
Subject: Bug#931026: RFS: apt-transport-in-toto/0.1.0 [ITP]
From: Lukas Puehringer <lukas.puehringer@nyu.edu>
Date: Mon, 24 Jun 2019 18:33:48 +0200
Message-id: <[🔎] 4250cd1b-626e-3a5e-c0b8-24c1bf15f336@nyu.edu>
Reply-to: Lukas Puehringer <lukas.puehringer@nyu.edu>, 931026@bugs.debian.org

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "apt-transport-in-toto"

* Package name    : apt-transport-in-toto
  Version         : 0.1.0
  Upstream Author : in-toto developers <in-toto-dev@googlegroups.com>
* URL             : https://github.com/in-toto/apt-transport-in-toto
* License         : Apache-2.0
  Section         : devel

It builds those binary packages:

  apt-transport-in-toto - apt transport method for in-toto supply chain verification

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/apt-transport-in-toto


Alternatively, one can download the package with dget using this command:

  dget -x
https://mentors.debian.net/debian/pool/main/a/apt-transport-in-toto/apt-transport-in-toto_0.1.0.dsc

More information about apt-transport-in-toto and the underlying in-toto
verification protocol can be obtained from https://in-toto.io.

apt-transport-in-toto depends on "in-toto", which in turn depends on the general
purpose crypto and schema library "securesystemslib", for both of which ITPs are
available:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931013
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931015

apt-transport-in-toto was demonstrated at MiniDebConf 2019 in Hamburg. A
recording of the talk and demo is available at:
https://saimei.ftp.acc.umu.se/Public/debian-meetings/2019/miniconf-hamburg/in-toto.webm

Build instructions (with pointers to build instructions for securesystemslib and
in-toto) are available under:
https://github.com/in-toto/apt-transport-in-toto/commit/34b347729ed77fa6aa43bcce586367aca9b92922

Note that there are some decisions about the root of trust and key distribution
to be made before uploading the package. See inline TODO comments in "*.install"
file and a corresponding GitHub discussion for more details:

https://github.com/in-toto/apt-transport-in-toto/blob/debian/debian/apt-transport-in-toto.install
https://github.com/in-toto/apt-transport-in-toto/issues/13

Changes since the last upload:
apt-transport-in-toto (0.1.0) unstable; urgency=low

  *  Initial Debian release.

 -- Lukas Puehringer <lukas.puehringer@nyu.edu>  Fri, 07 Jun 2019 12:14:02 -0400



Regards,
 Lukas Pühringer

-- 
lukas.puehringer@nyu.edu
PGP fingerprint: 8BA6 9B87 D43B E294 F23E  8120 89A2 AD3C 07D9 62E8

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#931015: RFS: python-securesystemslib/0.11.3-1 [ITP]
Next by Date: Bug#931036: RFS: dhelp/0.6.26 QA, RC
Previous by thread: Bug#931015: RFS: python-securesystemslib/0.11.3-1 [ITP]
Next by thread: Bug#931036: RFS: dhelp/0.6.26 QA, RC
Index(es):
- Date
- Thread