
CNCF to Host Two Security Projects – Notary and TUF Specification - anonymuse
https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/
======
anonymuse
More details on the proposal and discussion can be found in the merged pull
request here:

[https://github.com/cncf/toc/pull/38](https://github.com/cncf/toc/pull/38)

and the voting here, in case you'd like to see into the decision making
process that went into this:

[https://lists.cncf.io/pipermail/cncf-
toc/2017-October/001309...](https://lists.cncf.io/pipermail/cncf-
toc/2017-October/001309.html)

There also a very interesting sub-discussion about bundling Notary and TUF
together, an what the implications are for pairing image signing and package
signing into a single request. While TUF can be seen as a next gen tool for
signing groups of digital content, it's relationship at this point to Notary
is yet to be solidified.

------
jmacsurf
Cool

