PackMan security (was: [Pythonmac-SIG] FAQ item)
Ronald Oussoren
oussoren at cistron.nl
Tue Jul 29 23:40:04 EDT 2003
On Tuesday, 29 July, 2003, at 22:17, Jack Jansen wrote:
>
> On dinsdag, jul 29, 2003, at 21:29 Europe/Amsterdam, Bob Ippolito
> wrote:
>
>> I'd also like to mention that there are some pretty *serious security
>> flaws* with the current way Package Manager works that should be
>> higher priority than making it pretty. We need to start a new thread
>> discussing this.. is this the proper SIG for it?
>
> I'm not sure what the right place to discuss this is. Let's keep it
> here, for now.
> I plan to do a PEP later, but as PackMan solves a real problem I
> didn't want to get
> bogged down by zillions of people all trying to bend PackMan to their
> own needs
> until 2.3 was out.
>
> Let's hear about the security flaws. The only one I'm aware of is that
> the URL
> that is built in to packman isn't secure HTTP. From that point on I
> was under the
> impression that everything was secure. Or, "secure", let me rephrase
> that: there
> is only one person you put your trust in, and that is the person who
> created the
> database.
Let me pretend that I'm a security expert. Using HTTPS would not solve
anything, unless you actually check the server certificate (and nobody
seems to do that, I can't even look at certificates in Safari). Some
kind of digitical signature of the plist files would probably more
usefull: that would allow me to verify that the scapegoat actually
placed that file on the webserver.
Ronald
More information about the Pythonmac-SIG
mailing list