Your message dated Wed, 22 Jan 2025 23:01:03 +0000
with message-id <e1tajiz-00aex2...@fasolo.debian.org>
and subject line Bug#1089833: fixed in gittuf 0.8.0-1
has caused the Debian Bug report #1089833,
regarding ITP: gittuf -- A security layer for Git repositories
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1089833: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089833
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <si...@josefsson.org>

* Package name    : gittuf
  Version         : 0.8.0-1
  Upstream Author : gittuf
* URL             : https://github.com/gittuf/gittuf
* License         : Apache-2.0
  Programming Lang: Go
  Description     : A security layer for Git repositories

 gittuf is a security layer for Git repositories. With gittuf, any developer who can pull from a Git repository can independently verify that the repository's security policies were followed. gittuf's policy, inspired by The Update Framework (TUF) (https://theupdateframework.io/), handles key management for all trusted developers in a repository, allows for setting permissions for repository branches, tags, files, etc., protects against other attacks (https://ssl.engineering.nyu.edu/papers/torres_toto_usenixsec-2016.pdf) Git is vulnerable to, and more — all while being backwards compatible with forges such as GitHub and GitLab.
 .
 gittuf is a sandbox project at the Open Source Security Foundation (OpenSSF) (https://openssf.org/) as part of the Supply Chain Integrity Working Group (https://github.com/ossf/wg-supply-chain-integrity).
 .
 Current Status
 .
 gittuf is currently in alpha. gittuf's metadata may have breaking changes, meaning a repository's gittuf policy may have to be reinitialized from time to time. As such, gittuf is currently not intended to be the primary mechanism for enforcing a repository's security.
 .
 That said, we're actively seeking feedback from users. Take a look at the get started guide (/docs/get-started.md) to learn how to install and try gittuf out! Additionally, contributions are welcome, please refer to the contributing guide (/CONTRIBUTING.md), our roadmap (/docs/roadmap.md), and the issue tracker for ways to get involved.

https://salsa.debian.org/go-team/packages/gittuf
https://salsa.debian.org/jas/gittuf/-/pipelines/

/Simon
--- End Message ---
--- Begin Message ---
Source: gittuf
Source-Version: 0.8.0-1
Done: Simon Josefsson <si...@josefsson.org>

We believe that the bug you reported is fixed in the latest version of
gittuf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1089...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated gittuf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Dec 2024 13:02:39 +0100
Source: gittuf
Binary: gittuf gittuf-dbgsym golang-github-gittuf-gittuf-dev
Architecture: source amd64 all
Version: 0.8.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Description:
 gittuf - security layer for Git repositories (program)
 golang-github-gittuf-gittuf-dev - security layer for Git repositories (Go library)
Closes: 1089833
Changes:
 gittuf (0.8.0-1) unstable; urgency=medium
 .
   * Initial release (Closes: #1089833)
--- End Message ---