[IPython-dev] Storing signatures outside the notebook

[Matthias Bussonnier]

Le 17 déc. 2014 à 06:54, MinRK <benjaminrk at gmail.com> a écrit :

> 
> 
> On Tue, Dec 16, 2014 at 4:14 PM, Ondřej Čertík <ondrej.certik at gmail.com> wrote:
> What is the point of the signature in the first place? Is it just to
> verify that the .ipynb file is consistent, i.e. no accidental changes?
> I just use git for that.
> 
> The question we want to answer is "Has the user explicitly trusted this notebook?" We don't want to execute untrusted code in html/js outputs when the notebook is opened. There are two mechanisms to trust a notebook:
> 
> 1. manually mark that the notebook is trusted
> 2. execute the entire notebook yourself
> 
> The question is all in how IPython stores and checks whether that notebook is trusted. Currently, IPython hashes the contents of the notebook plus a secret stored in the user's IPython profile, and stores this value in the notebook metadata. We don't care about the signature per se, we just want to know whether the notebook is identical to one that the user trusted before. Putting it in the metadata was the easiest way to ensure that the signature followed the notebook around for the user, but it doesn't really make sense for the signature to follow the notebook into VCS, or onto other users' machines. One alternative under discussion here is to just hash trusted notebooks (no secret key) and store the hashes in a user-only-readable location.
> 
> -MinRK



Btw, purely hashing without secret, if one knows the algorithm make forging a notebook that collide easier. 
We should at least have a secrets salt to avoid that. So I would keep the secret. 
-- 
M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20141217/7ee5fbe4/attachment.html>