On 10.02.2013, at 05:44, Nick Coghlan <[email protected]> wrote:

> On Sun, Feb 10, 2013 at 7:23 AM, Giovanni Bajo <[email protected]> wrote:
>> Hello,
>>
>> my proposal for fixing PyPI and pip security is here:
>> https://docs.google.com/a/develer.com/document/d/1DgQdDCZY5LiTY5mvfxVVE4MTWiaqIGccK3QCUI8np4k/edit#
>>
>> I tried to sum up the discussions we had here last week, elaborating on
>> Heimes' proposal by simplifying it where I thought the additional steps
>> wouldn't guarantee additional security. At this point, the proposal does not
>> include a central, uber-master online GPG signing key to be stored on PyPI,
>> which is IMO quite hard to handle correctly.
>
> I think the parts related to improving the HTTPS/SSL based security
> are solid, but for the other aspects of secure updates, integrating
> TUF (https://www.updateframework.com/) into the PyPI based
> distribution infrastructure sounds like the best available option for
> enhancing the end-to-end integrity checking. TUF has a comparatively
> well-developed threat model, and systematically covers many of the
> attack vectors discussed in the past few days (including provision of
> old, known vulnerable, versions).

Would you mind explaining why TUF is good? The site doesn't seem to work for me right now.

Jannis

_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
