The Update Framework

The Update Framework (TUF) is a specification (and implementation) of a process for generating and validating metadata to ensure content is fresh and available.


TUF aims to be flexible and to support old stuff, so it is as underspecified as it is specified, preferring to leave a lot of details to implementors.

From the client perspective (the thing asking for updates), TUF provides two main functions: polling for new updates and fetching those updates. The spec describes a set of roles (with matching keys), metadata files for the roles, and a process to be followed to either get updates or detect a denial of service or other attack, starting with just a (possibly outdated) copy of the root metadata. This is implemented as a Python library, tuf, and a Go library, tuf-go, as well as a client-server notary for storing and serving the metadata.
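
The first step of that client process, catching up from an outdated root, is sketched below as an added example; it is not code from the tuf, tuf-go or notary projects. Assumptions: the metadata layout (`root_role`) is simplified, the names `make_root`, `meets_threshold` and `update_root` are hypothetical, and HMAC stands in for the public-key signatures a real repository uses.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo keys. HMAC stands in for the public-key signatures a real
# TUF repository uses, so that this runs with the standard library only.
KEYS = {"k1": b"one", "k2": b"two", "k3": b"three"}

def _mac(keyid, signed):
    body = json.dumps(signed, sort_keys=True).encode()
    return hmac.new(KEYS[keyid], body, hashlib.sha256).hexdigest()

def make_root(version, keyids, threshold, signers, expires="2035-01-01T00:00:00+00:00"):
    """Build simplified root metadata (hypothetical layout) signed by `signers`."""
    signed = {"version": version, "expires": expires,
              "root_role": {"keyids": keyids, "threshold": threshold}}
    return {"signed": signed,
            "signatures": [{"keyid": k, "sig": _mac(k, signed)} for k in signers]}

def meets_threshold(meta, role):
    """True if enough distinct keys of `role` have validly signed `meta`."""
    good = {s["keyid"] for s in meta["signatures"]
            if s["keyid"] in role["keyids"]
            and hmac.compare_digest(s["sig"], _mac(s["keyid"], meta["signed"]))}
    return len(good) >= role["threshold"]

def update_root(trusted, fetch, now):
    """Walk from a possibly outdated trusted root to the newest, one version at a time."""
    while (new := fetch(trusted["signed"]["version"] + 1)) is not None:
        old_role, new_role = trusted["signed"]["root_role"], new["signed"]["root_role"]
        # A new root must be endorsed by the keys we already trust AND by its own keys.
        if not (meets_threshold(new, old_role) and meets_threshold(new, new_role)):
            raise ValueError("new root lacks a threshold of old or new root keys")
        if new["signed"]["version"] != trusted["signed"]["version"] + 1:
            raise ValueError("root version must increase by exactly one")
        trusted = new
    # Expiry is checked only on the final root, so an old local copy can still catch up.
    if datetime.fromisoformat(trusted["signed"]["expires"]) <= now:
        raise ValueError("root metadata has expired")
    return trusted

NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)                # constructed clock
ROOT1 = make_root(1, ["k1", "k2"], 2, ["k1", "k2"])
ROOT2 = make_root(2, ["k2", "k3"], 2, ["k1", "k2", "k3"])      # rotation: k1 out, k3 in
FORGED2 = make_root(2, ["k3"], 1, ["k3"])                      # not signed by v1's keys

if __name__ == "__main__":
    print(update_root(ROOT1, {2: ROOT2}.get, NOW)["signed"]["version"])
```

`fetch` is any callable that returns the metadata for a given root version, or `None` when the repository has no newer root.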