[Distutils] TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519
Justin Cappos
jcappos at nyu.edu
Thu Mar 22 18:15:44 EDT 2018
- Previous message (by thread): [Distutils] TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519
- Next message (by thread): [Distutils] TUF, Warehouse, Pip, PyPA, ld-signatures, ed25519
> Warehouse is already a SPOF.
> That's a hefty responsibility that contributions should support.
>
Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server
(and all keys on it) need not allow an attacker to compromise many users.
The details are in the Diplomat
<https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy>
paper, but the gist is that you can have some rarely used, offline keys
that are stored by folks like Donald, etc. and a quorum of those trusted
users would need to be malicious to cause substantial harm to users.
However, you can have whatever trust / key distribution / storage model
makes sense. TUF doesn't force you to use some pre-ordained model. It has
flexibility to support a variety of workflows, including many with good
security properties.
> Would [offline] package mirrors and the CDN still work for/with TUF keys?
>
Yes, this works just fine. CDNs / mirrors do not change in any way.
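The quorum model the reply describes (rarely used offline keys held by separate people, with a threshold of them needed to authorize a change to the root of trust, so that the online Warehouse key alone is not enough) can be shown concretely. The following is an added, stdlib-only Python example; it is not code from the message, from TUF, or from Warehouse. The role layout (a list of authorized key ids plus a threshold) follows the TUF model, but the signatures are HMAC-SHA256 stand-ins for the ed25519 public-key signatures named in the subject line, and all key material is constructed for the illustration. The quorum logic is what the example is about and is unchanged by that substitution.

```python
"""Threshold ("quorum") verification of signed repository metadata.

Constructed illustration of the trust model in the message: a server
compromise that yields the online key must not be able to authorize a new
root of trust; a threshold of offline keys, held by different maintainers,
must sign. Assumption: HMAC-SHA256 stands in for ed25519 here, so the
"keystore" holds the same secret the signer used; a real TUF client would
hold only public keys.
"""
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def keyid(secret: bytes) -> str:
    """Short identifier for a key (constructed; TUF derives key ids from the public key)."""
    return hashlib.sha256(secret).hexdigest()[:16]


def sign(secret: bytes, signed_obj) -> dict:
    """Produce one signature record over the canonical form of signed_obj."""
    mac = hmac.new(secret, canonical(signed_obj), hashlib.sha256).hexdigest()
    return {"keyid": keyid(secret), "sig": mac}


def verify_role(role_spec: dict, signed_obj, signatures: list, keystore: dict) -> bool:
    """Accept signed_obj only if >= role_spec["threshold"] distinct authorized keys signed it.

    role_spec: {"keyids": [...], "threshold": n}
    keystore:  maps keyid -> verification key (secret, in this HMAC stand-in)
    """
    valid = set()  # a set, so one key signing twice counts once
    for s in signatures:
        kid = s["keyid"]
        # Keys not listed for this role are ignored, not counted: the online
        # server key can sign all it likes without affecting the root quorum.
        if kid not in role_spec["keyids"] or kid not in keystore:
            continue
        expected = hmac.new(keystore[kid], canonical(signed_obj), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, s["sig"]):
            valid.add(kid)
    return len(valid) >= role_spec["threshold"]


def scenario() -> dict:
    """Walk through the cases the message implies and return pass/fail per case."""
    # Constructed keys: three offline root keys held by three maintainers,
    # threshold 2, and one online key that lives on the Warehouse server.
    offline = [b"offline-key-maintainer-%d" % i for i in range(3)]
    online = b"online-key-on-warehouse-server"
    root_role = {"keyids": [keyid(k) for k in offline], "threshold": 2}
    keystore = {keyid(k): k for k in offline + [online]}

    # A proposed new root that would hand control to a single new key.
    new_root = {
        "_type": "root",
        "version": 2,
        "roles": {"root": {"keyids": [keyid(b"constructed-new-key")], "threshold": 1}},
    }
    results = {}
    # 1. Full server compromise: only the online key is available.
    results["online_key_only"] = verify_role(root_role, new_root, [sign(online, new_root)], keystore)
    # 2. A single offline key leaked: still below quorum.
    results["one_offline_key"] = verify_role(root_role, new_root, [sign(offline[0], new_root)], keystore)
    # 3. The same offline key signing twice must not reach quorum.
    results["one_key_twice"] = verify_role(root_role, new_root, [sign(offline[0], new_root)] * 2, keystore)
    # 4. Two maintainers sign: legitimate quorum.
    results["two_offline_keys"] = verify_role(
        root_role, new_root, [sign(offline[0], new_root), sign(offline[1], new_root)], keystore
    )
    # 5. Metadata altered after a valid quorum signed it.
    tampered = dict(new_root, version=3)
    results["tampered"] = verify_role(
        root_role, tampered, [sign(offline[0], new_root), sign(offline[1], new_root)], keystore
    )
    return results


if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case:18s} accepted={ok}")
```

Two design points matter for the threat model: signatures from keys that are not listed for the role are ignored rather than treated as errors, so an attacker holding the online key gains nothing by attaching it, and accepted key ids are collected in a set, so replaying one compromised key's signature several times never reaches the threshold. Mirrors and CDNs serve these signed files unchanged, which is why the reply can say they do not need to change: the client, not the transport, performs this check.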