Proposing a project move to theupdateframework

[jku]

As previously mentioned in community meeting and slack:

We (contributors of the "TUF-on-CI" implementation that currently lives in https://github.com/jku/repository-playground/tree/main/playground and https://github.com/jku/playground-template/) would be happy to move that TUF-on-CI implementation to theupdateframework GitHub org if there's interest for that.

Short description:

• The project is a TUF repository (and signing tool) implementation
• both components are built with python-tuf with tight integration with git, GitHub Actions and GitHub Issues
• Main features include
  • managed multi-user signing events with threshold signing
  • automated online signing
  • runs on a CI system (GitHub as of now)
• Goals are simplicity and easy of use -- this is a TUF repository where maintainers and signers do not need to be TUF specialists
• Target use cases are repositories with relatively small number of signers, where most artifact updates require a human signature
• Current state of the project is that it's good enough for testing, and approaching first releases. There is still a lot to do and current contributors are certainly hoping for more developers to appear

Some background details:

• The repository-playground git repo is an open source project and a place for TUF experiments: TUF-on-CI was one of them, and successful enough that it should be a project of it's own instead. Only the contents of the playground subdirectory will be moving.
• The playground-template repository would be moving as well: it's a small repository that new TUF repository maintainers will fork to start their repository
• license is MIT, copyright owners include VMware, Google, GitHub, NYU and Jussi Kukkonen
• Current contributors: Jussi Kukkonen, Fredrik Skogman, Lukas Puhringer (and others during idea phase before implementation). These three would be initial project maintainers.

The name I'm thinking of right now is TUF-on-CI (or tuf-on-ci and tuf-on-ci-template as GitHub project names) but we'll also take better suggestions :)

[lukpueh]

Closing with https://github.com/theupdateframework/tuf-on-ci