1. Why the name “in-toto”?
in-toto is Latin for “as a whole.” We chose the name because our objective with in-toto is to build a system to protect the whole software supply chain.
2. What is the difference between in-toto and The Update Framework (TUF)?
TUF provides a framework that can be used to secure update systems, i.e. the “last mile,” whereas in-toto lets you verify the whole software supply chain. TUF and in-toto can play together very well, as you can use TUF to deliver updates and their corresponding in-toto metadata.
3. Is Python 3 supported?
Yes, Python 3 is supported with in-toto.
4. Is there a timeline for the support of Python 2.7?
We have released the final version of in-toto, v1.0.1, that supports Python 2. Our next release, at the end of April 2021, will drop support for Python 2.