Notary is a signing scheme from the publisher. It is an improvement over GPG signing + a better scheme for signaling to clients the next version to update.
Asset Transparency doesn't require the publisher to be involved at all and can work on any URL on the internet that is publicly accessible. It also complementary to signing schemes.
Here is the Asset Transparency CLI fetching and verifying the contents of a notary release for example:
tl get https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-Linux-amd64
Or if you are curious hit the service’s lookup endpoint directly:
Asset Transparency doesn't require the publisher to be involved at all and can work on any URL on the internet that is publicly accessible. It also complementary to signing schemes.
Here is the Asset Transparency CLI fetching and verifying the contents of a notary release for example:
Or if you are curious hit the service’s lookup endpoint directly: