Bug 2223452

Summary: Review Request: python-conda-content-trust - Signing and verification tools for conda
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: package-review
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/conda/%{srcname}
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Orion Poplawski 2023-07-18 00:38:03 UTC
Spec URL: https://orion.fedorapeople.org/python-conda-content-trust.spec
SRPM URL: https://orion.fedorapeople.org/python-conda-content-trust-0.1.3-1.fc39.src.rpm
Description:
Based on The Update Framework (TUF), conda-content-trust is intended to ensure
that when users in the conda ecosystem obtain a package or data about that
package, they can know whether or not it is trustworthy (e.g. originally comes
from a reliable source and has not been tampered with). A basic library and
basic CLI are included to provide signing, verification, and trust delegation
functionality.

This exists as an alteration of TUF because of the very particular needs of
the conda ecosystem. (Developers are encouraged to just use TUF whenever
possible!)

This tool is general purpose. It is currently used in conda 4.10.1+ to verify
package metadata signatures when they are available.

Fedora Account System Username: orion

Scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=103499544

Comment 1 Fedora Review Service 2023-07-18 00:43:47 UTC
Copr build:
https://copr.fedorainfracloud.org/coprs/build/6180083
(succeeded)

Review template:
https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2223452-python-conda-content-trust/fedora-rawhide-x86_64/06180083-python-conda-content-trust/fedora-review/review.txt

Please take a look if any issues were found.

---
This comment was created by the fedora-review-service
https://github.com/FrostyX/fedora-review-service

If you want to trigger a new Copr build, add a comment containing new
Spec and SRPM URLs or [fedora-review-service-build] string.