Apt-transport-in-toto provides a custom transport method for apt that fetches and verifies signed build information from autonomous rebuilders upon package installation.

It uses the supply chain security framework in-toto for its verification protocol, to i.a. define trust relationships and exchange and verify build information.

apt-transport-in-toto is developed at the Secure Systems Lab of NYU.