Skip to content

The Update Framework (TUF)

A framework for securing software update systems so that a compromised repository or signing key cannot push malicious updates to clients.

  • Category: Supply Chain
  • CNCF maturity: Graduated
  • Language: Python (>=3.10)
  • License: Apache-2.0 OR MIT (dual)
  • Repository: theupdateframework/python-tuf
  • Documented at commit: 9a3c304 (near tag v7.0.0, 2026-05-18)

What it is

TUF is a specification for compromise-resilient software updates, and python-tuf is its reference implementation. The threat it addresses is not "is this file corrupted" but "what happens after an attacker takes over the repository or steals a signing key". TUF answers that with separated roles, threshold signatures, offline keys, key revocation, and metadata that carries freshness (expiry), ordering, and version information so clients can reject rollback and freeze attacks.

python-tuf ships as a library, not a CLI. The public surface is tuf.ngclient, which exports Updater, UpdaterConfig, FetcherInterface, Urllib3Fetcher, and TargetFile (tuf/ngclient/__init__.py:6). A lower-level Metadata API (tuf.api) handles serialization and signature verification, and tuf.repository provides the base class for building repository-side tooling.

It sits underneath a software distribution system. A package index, an artifact CDN, or a signing service uses TUF metadata to let clients verify what they download against signed, role-separated metadata before trusting it.

When to use it

  • You distribute software or artifacts and need clients to keep verifying integrity even if your repository or one signing key is compromised.
  • You need protection against rollback (serving an old, vulnerable version) and freeze (withholding updates) attacks, not just file integrity.
  • You are implementing a signed metadata layer for a package index (PEP 458 for PyPI) or a trust-root distribution channel (Sigstore).
  • It is not the right fit when you only need to verify that a single file matches a known hash, or when a detached signature (GPG) over one artifact is enough.

In this deep-dive

Sources

  1. theupdateframework/python-tuf source, pinned 9a3c304
  2. The Update Framework (TUF), CNCF project page
  3. The Update Framework, Wikipedia
  4. CNCF Announces TUF Graduation, PRNewswire
  5. Open-source system to secure software updates graduates, NYU Tandon
  6. PEP 458: Secure PyPI downloads with signed repository metadata
  7. Implementing PEP 458 to Secure PyPI Downloads, VMware OSS blog
  8. Sigstore: Bring-your-own sTUF with TUF, Sigstore blog
  9. sigstore/sigstore-python releases
  10. tuf on PyPI