golang-github-in-toto-archivista 0.11.1-1
Package Information
| Description | graph and storage service for in-toto attestations (library) Archivista is a graph and storage service for in-toto (https://in-toto.io) attestations. Archivista enables the discovery and retrieval of attestations for software artifacts. Archivista enables you to * Store and retrieve in-toto attestations * Query for relationships between attestations via a GraphQL API * Validate Witness policy without the need to manually list expected attestations Archivista is a trusted store for supply chain metadata * It creates a graph of supply chain metadata while storing attestations that can be later used for policy validation and flexible querying. * It is designed to be horizontally scalable, supporting storing a large number of attestations. * It supports deployment on major cloud service and infrastructure providers, making it a versatile and flexible solution for securing software supply chains. * It only stores signed attestations to further enhance security and increase trust. Key Features * Native support for storing attestations created by Witness * A GraphQL API endpoint and playground * Support for MySQL and Postgres database backends * Support for S3-compatible object storage * A Helm Chart for deployment in Kubernetes environments * The ability to download and export attestations to transfer across an air gap * Support for Darwin, Windows, and ARM architectures. This package contains the Go development library. |
|---|---|
| Maintainer | Debian Go Packaging Team <team+pkg-go@tracker.debian.org> |
| Changed By | Simon Josefsson <simon@josefsson.org> |
| Sponsor | simon@josefsson.org |
| Distribution | unstable |
| Architecture | all |
| VCS | git: https://salsa.debian.org/go-team/packages/golang-github-in-toto-archivista.git (browse) |
| Closes | #1121252 |
| Blocked Bugs | #1089740 (wishlist) |
| Tracker | https://tracker.debian.org/pkg/golang-github-in-toto-archivista |
| Uploaded | 4 hours ago |
New Package Report
.changes
| Distribution | unstable |
|---|---|
| Date | Sun, 15 Mar 2026 18:28:03 +0100 |
| Source | golang-github-in-toto-archivista |
| Version | 0.11.1-1 |
| Changed-By | Simon Josefsson |
| Architecture | source all |
Changelog
golang-github-in-toto-archivista (0.11.1-1) unstable; urgency=medium . * Initial release (Closes: #1121252)
.dsc
| Priority | optional |
|---|---|
| Component | main |
| Package-List | golang-github-in-toto-archivista-dev deb golang optional arch=all |
| Section | golang |
debian/copyright
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Source: https://github.com/in-toto/archivista Upstream-Name: archivista Files: * Copyright: 2022-2025 The Archivista Contributors License: Apache-2.0 Files: SECURITY-INSIGHTS.yml Copyright: 2023 The Witness Contributors License: Apache-2.0 Files: ent/schema/uuidgql/uuidgql.go Copyright: 2019-present Facebook License: Apache-2.0 Files: debian/* Copyright: 2025-2026 Simon Josefsson <simon@josefsson.org> License: Apache-2.0 Comment: Debian packaging is licensed under the same terms as upstream License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . https://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Comment: On Debian systems, the complete text of the Apache version 2.0 license can be found in "/usr/share/common-licenses/Apache-2.0".