Link to my Medium blog post on TUF

[mulgu...@gmail.com]

Hi folks,

Here's the link to my Medium blog post on TUF. As the post was getting too lengthy--more than 3000 words--I have broken it into two parts.

Part 1 covers, why securing the entire software update delivery system is needed, how TUF works to provide this security, the design principles that underpin TUF, and its structure.

Part 2, which I am yet to finish, will cover metadata file formats and repository layout.

Please do read and let me know if I have made any mistakes.

https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-1-f9bbb34bcbbc

Thanks Lukas, for helping me out whenever I needed it.

Regards

Prashanth

[Lukas Puehringer]

Thanks for spreading the word about TUF, Prashanth! I hope you don't mind me
sharing the blog post on TUF's CNCF slack channel?

Also, you are very welcome to shoot me more question when you write Part 2 ...
or in case you want to write a blog post about TUF's sister project 'in-toto',
which helps to protect the rest of the software supply chain. ;)

Cheers,
Lukas

[1] https://in-toto.io/

On 19.08.2020 8:32 AM, mulgu...@gmail.com wrote:
> Hi folks,
>
> Here's the link to my Medium blog post on TUF. As the post was getting too
> lengthy--more than 3000 words--I have broken it into two parts.
>
> Part 1 covers, why securing the entire software update delivery system is
> needed, how TUF works to provide this security, the design principles that
> underpin TUF, and its structure.
>
> Part 2, which I am yet to finish, will cover metadata file formats and
> repository layout.
>
> Please do read and let me know if I have made any mistakes.
>

> https://urldefense.proofpoint.com/v2/url?u=https-3A__medium.com_-40mulgundmath_secure-2Dsoftware-2Dupdates-2Dvia-2Dtuf-2Dpart-2D1-2Df9bbb34bcbbc&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=gi-t_HfB0cUfkEVjOZPKM3TlzxRL-wZV8S_IRtT_NOw&s=efWzuJFBo-wkYLNHul2YEmgOAwF28MW8VsXHPGEkmZw&e=

>
> Thanks Lukas, for helping me out whenever I needed it.
>
> Regards
> Prashanth
>

--
lukas.pu...@nyu.edu
PGP fingerprint: 8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8

[mulgu...@gmail.com]

You're welcome Lukas! Please do share, you would be doing me a favor.

Thanks, will definitely ask in case I have doubts.

I remember reading about in-toto a while back and thinking, yup this is needed too. About a blog on in-toto, can't commit to it right now but will definitely keep it in my mind; thanks for the suggestion. :-)  Uptane also interests me as I am also into IoT.

Regards

Prashanth

[Lois A DeLong]

Hello, Prashanth. I look forward to reading your article. We will get this link posted on our Secure Systems Lab web site as well. We maintain lists with links of media coverage of our projects. So that may give the blog a bit of a boost as well.

Thanks.

Lois Anne DeLong

NYU Tandon/SSL 

[mulgu...@gmail.com]

Thanks Lois! That should definitely help. Much appreciated.

Regards

Prashanth

[mulgu...@gmail.com]

Hi folks,

Have published part two of my blog post on TUF. Link:

https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-2-412c6a2b10ab

Part two focuses on metadata file format and repository layout generated by the reference implementation.

Please do read and let me know if I have made any mistakes.

Thanks & Regards

Prashanth

[Trishank Karthik Kuppusamy]

On Tue, Sep 1, 2020 at 6:27 AM mulgu...@gmail.com <mulgu...@gmail.com> wrote:

Have published part two of my blog post on TUF. Link:

https://medium.com/@mulgundmath/secure-software-updates-via-tuf-part-2-412c6a2b10ab

Part two focuses on metadata file format and repository layout generated by the reference implementation.

Please do read and let me know if I have made any mistakes.

Fantastic, thanks! Will read and comment. This is going to be very useful, I imagine, to people new to TUF... 

[mulgu...@gmail.com]

Thanks Trishank! Hopefully it will serve as a detailed introduction to TUF, and then people can move on to the TUF Specification to understand in depth. 

Regards

Prashanth

[Trishank Karthik Kuppusamy]

On Tue, Sep 1, 2020 at 11:17 AM mulgu...@gmail.com <mulgu...@gmail.com> wrote:

Thanks Trishank! Hopefully it will serve as a detailed introduction to TUF, and then people can move on to the TUF Specification to understand in depth. 

We should add these blog posts to the homepage

Would you mind sending a PR to https://github.com/theupdateframework/theupdateframework.io ? 

[mulgu...@gmail.com]

Sure, will do that.

[mulgu...@gmail.com]

Have created a PR (issue): https://github.com/theupdateframework/theupdateframework.io/issues/13

Went through the first five pages of a Google search and found quite a few blog posts; some of them are really good--no, I am not talking about my blog post :-D.  Have added the title and links of those blog posts into the PR.

[Lois A DeLong]

Adding these groups to the site is a good idea, but let me ask a mechanical question. Do we have the right to re-post this material? Sorry if this sounds like an ignorant question, but I spent too many years in traditional publishing where submissions to one magazine or journal required permission to republish. While I know that technically this is not republishing, as we are only posting a link to the existing article, I still felt it was a question we needed to ask.

Lois

[Sumana Harihareswara]

Yes, anyone on the Web has the right to link to any other resource publicly available on the Web. Deep-linking is legal and permissible: https://www.dmlp.org/legal-guide/linking-copyrighted-materials