Changes between Initial Version and Version 1 of GIR2.1_SecureUpdates

03/14/11 21:59:17 (11 years ago)



== Secure Updates Evaluation ==

Version evaluated was downloaded with Mercurial instructions from
{{{
hg clone
}}}
The Update Framework (TUF) changeset version downloaded is 11.

The [ TUF] page provided pointers to an
example [ PyPI] repository mirror that
includes TUF metadata. The [ TUF] page also
includes an attachment for an example
[ TUF PyPI client].

Time Frame: This evaluation took place on June 30, 2010.

== Secure Updates Findings ==
Instructions were clear and straightforward, and are found at the
[ TUF: The Update Framework] site.
The enclosed README gives a pointer to the TUF site.

The example [ PyPI repository mirror] was used to execute the run-time
commands; no repository was set up for this evaluation.

One Python path problem was encountered while trying to use the client. It was resolved by unpacking the
client first and then getting TUF in the same directory. This is captured in the section below.

== Secure Updates How-to ==

Trying to use the client ran into Python path issues, which were resolved
by unpacking the client first and then getting TUF in the same directory:
{{{
lnevers@sendaria:~$ tar xvzf tuf_pypi_example.tar.gz
lnevers@sendaria:~$ cd tuf_pypi_example
lnevers@sendaria:~/tuf_pypi_example$ hg clone
}}}

Once the tuf repo is inside the tuf_pypi_example directory, one can get listings of packages
{{{
lnevers@sendaria:~/tuf_pypi_example$ ./ list 3to2
[2010-06-30 11:15:02,519] [tuf] [INFO] Downloading
}}}

and download a package
{{{
lnevers@sendaria:~/tuf_pypi_example$ ./ download 3to2-0.1a3.tar.gz
[2010-06-30 11:15:40,094] [tuf] [INFO] Downloading
[2010-06-30 11:15:40,329] [tuf] [INFO] Downloading
[2010-06-30 11:15:40,927] [tuf] [INFO] Correct hash: d48d764e781597644e8d41a83954cb62354c07d2c74abdd7e32e4d119d764636
Downloaded file: 3to2-0.1a3.tar.gz
}}}
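
The `Correct hash:` line in the download log reports that the downloaded file matched a digest the client already trusted. The Python sketch below is an added illustration of that kind of check, not TUF's code and not part of the original evaluation; the `length`/`sha256` entry layout, the function and class names, and the sample bytes are all constructed assumptions.

```python
import hashlib
import hmac
import io

# Constructed stand-in for a trusted metadata entry. This is NOT TUF's real
# metadata format, only the two fields this check needs (assumption).
SAMPLE_PAYLOAD = b"constructed sample package bytes\n"
SAMPLE_ENTRY = {
    "length": len(SAMPLE_PAYLOAD),
    "sha256": hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(),
}


class VerificationError(Exception):
    """Raised when downloaded bytes do not match the trusted entry."""


def verify_download(stream, entry, chunk_size=8192):
    """Read stream, enforce the trusted length, then compare SHA-256 digests.

    Returns the verified bytes; raises VerificationError otherwise.
    """
    expected_len = entry["length"]
    digest = hashlib.sha256()
    chunks = []
    received = 0
    while True:
        # Read at most one byte past the trusted length, so a hostile mirror
        # cannot make the client consume an endless stream.
        chunk = stream.read(min(chunk_size, expected_len - received + 1))
        if not chunk:
            break
        received += len(chunk)
        if received > expected_len:
            raise VerificationError("file is longer than metadata allows")
        digest.update(chunk)
        chunks.append(chunk)
    if received != expected_len:
        raise VerificationError("file is shorter than metadata states")
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(digest.hexdigest(), entry["sha256"].lower()):
        raise VerificationError("hash mismatch")
    return b"".join(chunks)
```

The bytes are returned only after both the length and the digest match, so a caller never writes an unverified file into place.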

Here is an example of a package without any updates:
{{{
lnevers@sendaria:~/tuf_pypi_example$ ./ list neveredit
[2010-06-30 11:20:20,567] [tuf] [INFO] Downloading
[2010-06-30 11:20:20,822] [tuf] [INFO] Metadata 'targets/n.txt' has changed
[2010-06-30 11:20:20,822] [tuf] [INFO] Downloading
[2010-06-30 11:20:21,578] [tuf] [INFO] Metadata 'targets/n/neveredit.txt' has changed
[2010-06-30 11:20:21,578] [tuf] [INFO] Downloading
No files are available for package neveredit
}}}