On 29 Jul 2014 03:43, "Giovanni Bajo" <[email protected]> wrote:
>
> Hello,
>
> in March 2013, on the now-closed catalog-sig mailing list, I submitted a proposal for fixing several security problems in PyPI, pip and distutils[1]. Some of my proposals were obvious things like downloading packages through SSL, which was already in the process of being designed and implemented. Others, like GPG package signing, were discussed for several days/weeks, but ended up in discussion paralysis because of the upcoming TUF framework.
It stalled because end-to-end signing is a hard security problem and "just add GPG!" isn't an answer. If you add a threat model to the draft PEP, then we can have a useful discussion, since we need to know who we're trying to defend against, and what security guarantees people are after.

1. People like Donald, Ernest, Richard, Noah (i.e. PyPI and infrastructure admins) are part of the threat model for PEP 458. How does your PEP defend against full compromise of those accounts?

2. What level of damage mitigation are we aiming to attain in the event of a full PyPI compromise? (i.e. attacker has full control over absolutely everything published from PyPI)

3. Assuming an attacker has fully compromised DNS and SSL (and hence can manipulate or replace *all* data purportedly being received from PyPI by a given target), what additional level of integrity is the "end-to-end" signing process adding?

4. What level of guarantee will be associated with the signing keys, and are package authors prepared to offer those guarantees? (The only dev community I've really talked to about that is a few of the Django core devs, and their reaction was "Hell, no, protecting and managing keys is too hard")

5. How do these guarantees compare to the much simpler SSH-inspired "trust on first use" model already offered by "peep"?

These are the critical points, as they're the aspects of the status quo that we're not currently defending against:

- peep already makes it possible to ensure you get the same package you got last time, even if downloading directly from PyPI
- the pervasive use of SSL protects against attacks other than a PyPI or SSL cert compromise
- the wheel format already supports signature transport for private indexes

Folks that want to outsource their *due diligence* are still going to have to go to a vendor, since "pip install python-nation" is always going to be a terrible idea, regardless of how the transport from developer to end user is secured.

Regards,
Nick.
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
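The "trust on first use" model Nick refers to (peep pinning a hash per requirement so a later download must match the first one) is easy to misjudge without seeing what it does and does not catch. The following is an added illustration written for this page; it is not code from peep, pip or the PEP under discussion. The in-memory pin store, the `HashPinStore` name and the `{name: {version: sha256}}` layout are assumptions for the example, and the package bytes are constructed, not a real wheel.

```python
"""Trust-on-first-use (TOFU) hash pinning in the style peep applied to pip
requirements. Added example for this thread; not peep's or pip's own code."""
import hashlib
import hmac


class IntegrityError(Exception):
    """Raised when a downloaded artifact does not match its recorded hash."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class HashPinStore:
    """Assumed pin layout (not peep's on-disk format): {name: {version: hex}}.

    The first time a name/version is seen its SHA-256 is recorded; every later
    download of that name/version must match the recorded digest byte for byte.
    """

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def check(self, name: str, version: str, data: bytes) -> str:
        """Return 'pinned' on first use, 'ok' on a match, raise on mismatch."""
        digest = sha256_hex(data)
        versions = self.pins.setdefault(name, {})
        pinned = versions.get(version)
        if pinned is None:
            versions[version] = digest  # first use: trust what we got and pin it
            return "pinned"
        # Constant-time compare is not strictly required for a public digest;
        # it is kept so the same helper is safe to reuse for secret comparisons.
        if hmac.compare_digest(pinned, digest):
            return "ok"
        raise IntegrityError(
            f"{name}=={version}: expected sha256 {pinned}, got {digest}")


def demo() -> dict:
    """Constructed scenario: one requirement fetched several times."""
    genuine = b"PK\x03\x04 constructed stand-in for example_pkg-1.0 wheel bytes"
    tampered = genuine + b"\n# constructed attacker-added payload"
    store = HashPinStore()

    first = store.check("example_pkg", "1.0", genuine)   # 'pinned'
    second = store.check("example_pkg", "1.0", genuine)  # 'ok': same bytes as before
    try:
        store.check("example_pkg", "1.0", tampered)      # substituted on a later fetch
        third = "accepted"
    except IntegrityError:
        third = "rejected"

    # Caveat: a new version is a new pin. If the *first* fetch of 1.1 is already
    # malicious, TOFU records it as trusted; it only detects change after first use.
    fourth = store.check("example_pkg", "1.1", tampered)  # 'pinned', not 'rejected'

    return {"first": first, "second": second, "third": third,
            "fourth": fourth, "pins": store.pins}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `fourth` result is the point that separates this model from end-to-end signing: a pin says "the bytes I am installing are the bytes I installed before", nothing about who produced them, which is exactly the gap questions 3 and 4 above are asking a PEP to address.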
