The Update Framework: Securing Your Software Updates with Justin Cappos


March 4th, 2017

37 mins 21 secs

Your Hosts

About this Episode


If you write software then there’s a good probability that you have had to deal with installing dependencies, but did you stop to ask whether you’re installing what you think you are? My guest this week is Professor Justin Cappos from the Secure Systems Lab at New York University and he joined me to discuss his work on The Update Framework which was built to guarantee that you never install a compromised package in your systems.


  • Hello and welcome to Podcast.__init__, the podcast about Python and the people who make it great.
  • I would like to thank everyone who has donated to the show. Your contributions help us make the show sustainable.
  • When you’re ready to launch your next project you’ll need somewhere to deploy it. Check out Linode at and get a $20 credit to try out their fast and reliable Linux virtual servers for running your awesome app.
  • Visit our site to subscribe to our show, sign up for our newsletter, read the show notes, and get in touch.
  • To help other people find the show you can leave a review on iTunes, or Google Play Music, and tell your friends and co-workers
  • Your host as usual is Tobias Macey and today I’m interviewing Justin Cappos about The Update Framework, an open spec and reference implementation for mitigating attacks on software update systems.


  • Introduction
  • How did you first get introduced to Python?
  • Please start by explaining what The Update Framework (TUF) is and the problem that you were trying to solve when you created it.
  • How is TUF architected and what led you to choose Python for the reference implementation?
  • TUF addresses the problem of ensuring that the packages that get installed are created by the right developers, but how do you properly establish trust in the first place?
  • Why are consistent and auditable dependencies important for the security of a system and how does TUF help with that goal?
  • What are some of the known attack vectors for a software update system and how do Python and other systems attempt to mitigate these vulnerabilities?
  • One of the perennial problems with any dependency management system is that of transitive dependencies. How does TUF handle this extra complexity of ensuring that all of the secondary, tertiary, etc. dependencies are also properly pinned and trusted?
  • For someone who wants to start using TUF what are the steps to get it set up with pip?
  • How would a project that wants to use TUF, do so?
  • Who is using TUF and when will it be used with PyPI?

Keep In Touch



The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA