Goal: Experimental version

Status: Done

Not for a Production Deploy. This release is for PoV/PoC of the project.

Features:

• [x] Bootstrap the Repository Service for TUF (Initial TUF Metadata)

• [x] Storage Service: Local file system

• [x] Key Vault Service: Local file system

• [x] Add targets

• [x] Delete targets

• [x] Generate Token

• [x] Retrieves the Repository Service for TUF settings

• [x] Automatically version Bump Snapshot Metadata

• [x] Automatically version Bump Timestamp Metadata

• [x] Automatically version Bump hash-bins Metadata

• [x] Release CI/CD in all components (Issue #25)

Components Milestones:

• repository-service-tuf-api v0.0.1aX

• repository-service-tuf-worker v0.0.1aX

• repository-service-tuf-cli v0.0.1aX

Goal: Minimum Working Version

Status: Done

Not for a Production Deploy. This release is to evaluate the features and functionality.

• [x] Public online documentation (Issue #22)

• [x] Implement HTTPS for the Rest API (Issue #6)

• [x] Data load for migrations (Issue #188)

• [x] Remove the BIN Keys from Ceremony/Bootstrap Process [Roles simplification] (Issue #28)

• [x] Remove from the bootstrap the online keys [Roles simplification] (Issue #207)

• [x] Simplify the metadata bootstrap process [Roles simplification] (Issue #208)

• [x] Option to Disable the API Authentication/Authorization (Issue #41)

• [x] Key(s) Rotation (Issue #23)

Minimum Working Version (MWV) Board.

Components Milestones:

• repository-service-tuf-api v0.4.0b1

• repository-service-tuf-worker v0.5.0b1

• repository-service-tuf-cli v0.4.0b1

Goal: Minimum Valuable Product

Status: TBD

First Production Deploy This release achieves the minimum valuable product for users.

• [x] Deployment Design Document (Issue #227)

• [x] Support to AWS S3 (Storage) (Issue # <https://github.com/repository-service-tuf/repository-service-tuf/issues/24>)

• [ ] AWS KMS (Key Vault) (Issue #24)

• [ ] Support of HashiCorp Vault (Issue #509)

• [ ] Distributed asynchronous threshold signing (Issue #327)

• [ ] Support CLI using HSM for signing - Ceremony, Metadata Update and Sign (Issue #351[cli])

• [ ] Create/Remove custom delegate Target Roles (Issue #354)

• [ ] Security Audit on RSTUF Project (Issue #246)

Components Milestones:

• repository-service-tuf-api v1.Y.Z

• repository-service-tuf-worker v1.Y.Z

• repository-service-tuf-cli v1.Y.Z

Goal: End-to-End Signing

Status: TBD

Implement End-to-end signing of packages. Developers or Release Manager can sign the artifacts. See PEP 480 for more details.

• repository-service-tuf-api vT.B.D

• repository-service-tuf-worker vT.B.D

• repository-service-tuf-cli vT.B.D