[Catalog-sig] RubyGems Threat Model and Requirements
Donald Stufft
donald.stufft at gmail.com
Wed Feb 13 18:59:01 CET 2013
On Wednesday, February 13, 2013 at 5:29 AM, Robert Collins wrote:
> On 13 February 2013 15:12, Giovanni Bajo <rasky at develer.com> wrote:
>
> > Yes, that's correct. GPG chain-of-trust concept is not used in my proposal,
> > because I don't think it would be a good fit for this problem given its
> > requirements. Specifically, I believe pip users should not be bothered with
> > useless click-through questions for each new package they install, which is
> > what you would get far too often in case chain-of-trust were used.
> >
>
>
> But this means someone that gets access to the PyPI server can just
> mark their own key as trusted and compromise any package they want.
>
> -Rob
>
I used to have the same idealistic idea that we should be able to
*not* trust PyPI for the average user. However PyPI *is* the final
authority on who has the right to publish to what name. It would be
a bit like trying to determine if the PSF owns python.org without
involving the company running the .org TLD.
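Added example, not from the thread and not pip or PyPI code, modelling the two positions above: a client that trusts the index-signed project-to-key map accepts whatever the index currently says, while a client that silently pins the publisher key on first install (no click-through) notices when the index later lists a different key. Keys, project name and archive bytes are constructed, and an HMAC stands in for a real signature scheme so the block runs on the standard library alone.

```python
import hashlib, hmac
from dataclasses import dataclass, field

def sign(secret: bytes, msg: bytes) -> bytes:
    # Toy stand-in (HMAC) for an asymmetric signature so this runs on the stdlib alone;
    # verify() therefore needs the same secret, where a real client holds only a public key.
    return hmac.new(secret, msg, hashlib.sha256).digest()

def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)

INDEX_KEY = b"index-root-key"        # constructed: key held by the index server
ALICE_KEY = b"alice-publisher-key"   # constructed: legitimate maintainer of "foo"
MALLORY_KEY = b"mallory-key"         # constructed: key of whoever took over the index

def index_blob(owners: dict) -> bytes:
    return repr(sorted(owners.items())).encode()
def publish_index(owners: dict) -> tuple:
    # The index signs the project -> publisher-key map: whoever holds INDEX_KEY
    # decides who may publish to which name, i.e. it is the final authority.
    return owners, sign(INDEX_KEY, index_blob(owners))

@dataclass
class Client:
    pins: dict = field(default_factory=dict)  # project -> publisher key seen on first install

    def install(self, project, archive, archive_sig, owners, owners_sig) -> str:
        if not verify(INDEX_KEY, index_blob(owners), owners_sig):
            return "reject: index metadata signature invalid"
        key = owners.get(project)
        if key is None:
            return "reject: no publisher key listed for project"
        if self.pins.get(project, key) != key:
            return "reject: publisher key changed since first install"
        if not verify(key, archive, archive_sig):
            return "reject: archive signature invalid"
        self.pins.setdefault(project, key)  # trust-on-first-use, no click-through prompt
        return "ok"

def scenario() -> tuple:
    owners, osig = publish_index({"foo": ALICE_KEY})
    good = b"foo-1.0.tar.gz contents"  # constructed archive bytes
    client = Client()
    first = client.install("foo", good, sign(ALICE_KEY, good), owners, osig)
    # Index compromise: the owner map is re-signed listing a different publisher key.
    owners2, osig2 = publish_index({"foo": MALLORY_KEY})
    tampered = b"foo-1.1.tar.gz tampered contents"
    pinned = client.install("foo", tampered, sign(MALLORY_KEY, tampered), owners2, osig2)
    fresh = Client().install("foo", tampered, sign(MALLORY_KEY, tampered), owners2, osig2)
    return first, pinned, fresh  # ("ok", "reject: publisher key changed since first install", "ok")
```

The pinned client only narrows the window to the first install; that first mapping still comes from the index, which is Donald's point.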