On 29 Jul 2014, at 00:22, Justin Cappos <jcap...@nyu.edu> wrote:
> So, I think Vlad covered the status of the implementation side well.
>
> We've also done some work on the writing / doc side, but haven't pushed fixes
> to the PEP. We can (and should) do so.

Yes, please, that would be great.

> We have an academic writeup that speaks in more detail about many of the
> issues you mention, along with other items. We will make the revised
> documents easier to find publicly, but let me address your specific concerns
> here.
>
> * what a maintainer is supposed to do to submit a new signed package
>
> A maintainer will upload a public key when creating a project. When
> uploading a package, metadata is signed and uploaded that indicates trust.
> Our developer tools guide
> (https://github.com/theupdateframework/tuf/blob/develop/tuf/README-developer-tools.md)
> is meant to be a first draft at this document that answers any questions.
>
> There will also be a quick start guide which is just a few steps:
>
> generate and upload a key
> sign metadata and upload it with your project
>
> * how can different maintainers signal that they both maintain the same package
>
> A project can delegate trust to multiple developers. Depending on how this
> is done, either developer may be trusted for the package. The developer
> tools guide shows this.
>
> * how the user interface of PyPI will change
>
> We're open to suggestions here. There is flexibility from our side for how
> this works.
>
> * what is the required security maintenance that will need to be regularly
> performed by the PyPI ops
>
> Essentially, the developers need to check a list of 'revoked claimed keys'
> and ensure that this list matches what they will sign with their offline
> claimed key. This is also detailed in the writeup.
>
> Giovanni: TUF retains security even when PyPI is compromised (including
> online keys). Please elaborate on "survive".
From what I read in the PEP, if I compromise PyPI I can get access to the timestamp, consistent-snapshot, and unclaimed roles, which in turn lets me perform malicious updates, freeze attacks and metadata inconsistency attacks (= all possible attacks).

--
Giovanni Bajo :: ra...@develer.com
Develer S.r.l. :: http://www.develer.com
My Blog: http://giovanni.bajo.it
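As an added illustration of the point both sides are arguing over (this is constructed example code, not from PEP 458, the TUF project, or either author), a small Python model of the delegation tree: projects delegated to the offline "claimed" role versus the online "unclaimed" role, and what a party holding only the online keys can and cannot produce valid metadata for. The role names follow the PEP; the project names, the key material, and the use of HMAC as a stand-in for TUF's public-key signatures are assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for real signatures: an HMAC keyed by a per-role
# secret. Real TUF uses public-key signatures (e.g. Ed25519); the only
# thing modelled here is WHICH role's key can produce valid metadata.
KEYS = {
    "targets": b"offline-targets-key",        # offline, held by PyPI admins
    "claimed": b"offline-claimed-key",        # offline
    "unclaimed": b"online-unclaimed-key",     # online, lives on the PyPI host
    "timestamp": b"online-timestamp-key",     # online, lives on the PyPI host
}
# Roles whose private keys sit on the server and are lost if PyPI is compromised.
ONLINE_ROLES = {"unclaimed", "timestamp"}

# Simplified delegation tree (constructed): targets -> claimed / unclaimed.
DELEGATIONS = {"claimed": ["claimedpkg"], "unclaimed": ["unclaimedpkg"]}


def sign(role, key, meta):
    """Produce role metadata: the signed body plus the signature over it."""
    body = json.dumps(meta, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"role": role, "signed": meta, "sig": sig}


def verify_package(name, meta, expected_hash):
    """Client check: metadata must come from the role delegated for `name`,
    carry a valid signature from that role's key, and list the expected hash."""
    role = next((r for r, pkgs in DELEGATIONS.items() if name in pkgs), None)
    if role is None or meta["role"] != role:
        return False  # wrong role for this project (delegation mismatch)
    body = json.dumps(meta["signed"], sort_keys=True).encode()
    good = hmac.new(KEYS[role], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, meta["sig"]):
        return False  # signature not from the delegated role's key
    return meta["signed"].get(name) == expected_hash


def online_keys_can_forge(name, forged_hash):
    """Would metadata signed with ONLY online keys verify for `name`?"""
    return any(
        verify_package(name, sign(r, KEYS[r], {name: forged_hash}), forged_hash)
        for r in ONLINE_ROLES
    )
```

Running it shows the split the thread is about: `online_keys_can_forge("unclaimedpkg", ...)` is True, while the same attempt against `claimedpkg` is False because its delegation requires the offline claimed key.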
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig