Hi Eric,

No, I'm not really very comfortable with putting the buildbot-built binaries on darcs.net from a security perspective. It's true that we don't have very strong security safeguards, but I would still rather not put untrusted binaries on darcs.net itself. Although I trust Zooko, I don't trust the owners of all buildbots to keep their machines locked down, and I'd rather not try to distinguish between the trusted and untrusted buildbots.
Why not just stick them on the wiki? Yes, that exposes downloaders to the same sorts of attacks and a few more, but anyone downloading a binary off a wiki really ought to know the risk they're taking, while someone downloading from http://darcs.net/binaries has good reason to believe that we trust those files.

David

P.S. Speaking of security, we really ought to add support for cryptographically-hashed repository URLs and signed repositories. It's pretty easy, and could protect us from DNS spoofing attacks.

On Thu, Oct 16, 2008 at 05:43:32PM +0100, Eric Kow wrote:
> Hi David,
>
> What do you think about creating
> http://darcs.net/binaries
> and http://darcs.net/binaries/latest ?
>
> My hope is that we can have a place for buildbots to upload binaries for
> the latest build (maybe create a user [EMAIL PROTECTED] with ssh keys
> for each buildslave?). The thinking is that we could also have things
> like http://darcs.net/binaries/2.1.0/darcs-windows.exe
>
> This represents a shift in position for us, i.e. that we would now
> be supporting binaries. But it seems like, for Windows at least, we
> don't have much of a choice. Having the buildbots provide those
> binaries for us at least makes it easier for us to do so.
>
> Thanks,
>
> On Thu, Oct 16, 2008 at 07:42:59 -0600, zooko wrote:
> > Please put it into the ~/.ssh/authorized_keys file of some user on
> > some server to which darcs executables should be copied from the
> > windows buildbot.
> >
> > Of course, this also means that you are allowing anyone who controls
> > the corresponding private key (all five of the employees of
> > allmydata.com) to do whatever they want with that user account on
> > that server.
_______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
