The project is currently managed by Justin Cappos at New York University.
Consensus Builder:
Justin Cappos
Email: jcappos@nyu.edu
GitHub username: @JustinCappos
PGP fingerprint: E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A
Maintainers:
Sebastien Awwad
Email: sebastien.awwad@gmail.com
GitHub username: @awwad
PGP fingerprint: C2FB 9C91 0758 B682 7BC4 3233 BC0C 6DED D5E5 CC03
Vladimir Diaz
Email: vladimir.diaz@nyu.edu
GitHub username: @vladimir-v-diaz
PGP fingerprint: 3E87 BB33 9378 BC7B 3DD0 E5B2 5DEE 9B97 B0E2 289A
We welcome a variety of different kinds of contributions.
If you would like to make contributions to this repository, for the reference implementation or the demonstration code (or the documentation here), you are encouraged to submit a GitHub pull request to this repository. Please follow these development instructions. Ideally, please include unit tests for any new software feature or change.
Submitted pull requests undergo review and automated testing, including, but not limited to:
- Unit and build testing via Travis CI
- Review by one or more maintainers
Issues with the reference implementation or demonstration code in this repository (e.g. bugs, feature requests, security issues specifically with the code) should be noted in this repository as issues.
We welcome security audits of the Uptane design, or vulnerability reports of the design or the code in this repository. Please contact Justin Cappos and Sebastien Awwad via the contact information above. Uptane is defined in the three documents listed here.
Should the information be highly sensitive, auditors / reporters may employ PGP encryption in an email to Justin Cappos using the public key whose PGP fingerprint is listed above.
Audits of TUF alone (which Uptane employs) should instead be submitted per these instructions.
One can propose changes to the system design by submitting comments to the following documents (or contacting the uptane@googlegroups.com mailing list):