The TUF project consists of three components:

  • Specification – the detailed TUF specification describes how to add TUF metadata to a repository and the process to arrange for clients to use that metadata to download and verify targets.
  • Standardization process – major changes to the specification, including new features, are made as TUF Augmentation Proposals (TAPs).
  • Reference implementation – python-tuf provides a reference implementation of the TUF specification and is used as a vital part of the TAPs process to prototype changes to the specification.

The project is currently managed by a team of collaborators from academia and industry.

Many people have contributed to the project since its inception, including academics, professional developers, and contributors from the open-source community. We especially acknowledge the individuals from the open-source community who have contributed to the TUF project over the years.

Please visit the governance page to learn how project decisions are made, and for a more detailed explanation of the project roles used below.

Consensus Builder

Justin Cappos


GitHub username: JustinCappos

PGP fingerprint: E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A


MaintainerEmailGitHub usernamePGP fingerprint
Trishank Karthik Kuppusamytrishank.karthik@datadog.comtrishankatdatadog8C48 08B5 B684 53DE 06A3 08FD 5C09 0ED7 318B 6C1E
Joshua Lockjoshua.lock@uk.verizon.comjoshuagl08F3 409F CF71 D87E 30FB D3C2 1671 F65C B748 32A4
Marina Mooremm9693@nyu.edumnm678
Lukas Pühringerlukas.puehringer@nyu.edulukpueh8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8