AFAIK several language package managers have looked at implementing TUF for their repositories, but the only live implementation that I know of is Docker Content Trust. I kind of think it's an important part of secure…
For me they're very similar. I actually did a talk last year for OWASP AppsecEU where I started with the curl|bash bit and pointed out where rubygems/npm etc aren't really a lot better in some ways…
AFAIK several language package managers have looked at implementing TUF for their repositories, but the only live implementation that I know of is Docker Content Trust. I kind of think it's an important part of secure…
For me they're very similar. I actually did a talk last year for OWASP AppsecEU where I started with the curl|bash bit and pointed out where rubygems/npm etc aren't really a lot better in some ways…