Python-Tuf v0.18.0

What’s new in Python-Tuf v0.18.0?

by | 25.09.2021 | Changelog

Python-Tuf v0.18.0 recently came, and it is quite a big update with major and minor changes. We will go through all of those changes, additions, fixes and removals in this document.

Without further a due, let’s start!

What is Python-Tuf?

The Update Framework (TUF) or TUF helps developers maintain the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system. Linux Foundation hosts TUF as part of the Cloud Native Computing Foundation (CNCF) and various tech companies and open source organizations. You can use a variant of TUF called Uptane to secure over-the-air updates in automobiles. The python-tuf repository is the reference implementation of The Update Framework (TUF). It is written in Python and intended to conform to version 1.0 of the TUF specification.


0.18 is quite a big release with three main themes:

Firstly, we can see that the latest release will support only Python 3 and modernize the infrastructure accordingly.

Secondly, we can see that Metadata API (a low-level API for metadata de/serialization and modification) is now feature-complete for the client use cases. The new release brings the addition of ngclient (a new high-level client API). You must consider ngclient an unstable API and not yet recommended for production use.

Finally, the Github project name got changed. In version0.18.0, the naming of the project is now “python-tuf” instead of “tuf”. Redirects are in place for the old name, but you must update the links.


The release of version 0.18.0 brings the addition of ADR6, where we can see the implementation of serialization. We find the addition of ADR8 in which unrecognized fields gets priority. We also see the addition of ADR9, which will refine references for implementation purposes. There is also the addition of client Network IO abstraction.

The latest release brings many features to Metadata API to support de/serializing specification-compliant Metadata and safer access through API such as Metadata.from_bytes()/to_bytes(), Key, Role, DelegationRole, Delegations, MetaFile and TargetFile. With this release, we see the verification of the threshold of signatures. There is now the expiration of the check method. We also see the addition of the support for unrecognized fields in Metadata. Again, the new release will bring the use of Generics to improve static typing. There is also extensive Metadata API testing and validation. Also, the addition of ngclient, a new client library implementation, gets a special mention. Finally, we can see many infrastructure improvements such as mypy, black and isort integration, and API reference documentation.


Version 0.18.0 brings the removal of Python 2 support. There is also a removal of direct dependency on six. Furthermore, we see the removal of obsolete references to Thandy in a LICENSE file.


The latest update brings the changes in Bump dependencies such as Certifi, Cryptography, Idna, Requests, Securesystemslib, Six and Urllib3. We see the replacing of indirect dependency chardet with charset-normalizer. Again, we find the moving of Metadata API serialization to sub-package. There is also the use of the SecureSystemslib Signer interface in Metadata API. Finally, we can observe the making of imports compatible with vendoring.


The latest release brings a few fixes. Firstly, we can see the fixing of ‘ecdsa’, which is now a supported key type. Again, we see the fixing of various build infrastructure issues. Finally, the test fixes will give a lot of benefits to the users.


We have gone through all of the new additions and changes that Python-Tuf brought with version 0.18.0. You can try out the latest version by clicking here. Contribute to the repository by clicking here. Have a blast while trying out this framework, and we will see you guys in the next one.

You can find more of our blogs below. Happy learning!


The DevOps Awareness Program

Subscribe to the newsletter

Join 100+ cloud native ethusiasts


Join the community Slack

Discuss all things Kubernetes, DevOps and Cloud Native

Related articles6

What’s new in Kuma v1.3.0?

What’s new in Kuma v1.3.0?

Kuma recently came with their new version of 1.3.0. It has come up with several bug fixes and new features with this update. In this article, we will see those fixes and new features which will make users have a great experience with the product. Buck up, and let’s...

What’s new in Istio v1.11.3?

What’s new in Istio v1.11.3?

Istio came with its new version recently. It is a minor release, but it contains some significant changes and fixes. In this article, we will have a detailed look at what version 1.11.3 brings to the table. So, without wasting any time. Let's start! What is Istio?...

What’s new in Traefik v2.5.3?

What’s new in Traefik v2.5.3?

Traefik came with a new version of 2.5.3. This version mainly focuses on bug fixing and adding documents. This article will cover all of those entirely. It is not a big update, so this article will be short and crisp. Buckle up for a ride. Let's start! What is...

What’s new in Prometheus v2.30?

What’s new in Prometheus v2.30?

Prometheus v2.30 was released a few days ago, and it is an exciting update. This update is not very inclined on adding new features to the ecosystem, but it brings several enhancements to configurability and resource usage efficiency. It also brings several bug fixes....

What’s new in Envoyproxy v1.19.1?

What’s new in Envoyproxy v1.19.1?

Envoyproxy came with its new version a few days ago. Version 1.19.1 comes with very few updates. It provides a few minor behavioural changes and a few bug fixes to make the user experience smoother. In this article, we will cover all of the new changes. Let's start!...

What’s new in Jaeger v1.26.0?

What’s new in Jaeger v1.26.0?

Jaeger v1.26.0 recently came. It has a few changes in its backend. In this article, we will cover all of this in a straightforward way. We will see all of the fixes and the new features that the devs have added. Let's start! What is Jaeger? Jaeger is a graduated CNCF...