Thanks for the clarification, guys. Donald, I'm not sure what you mean by "a compromise of the CDN for *uploading*".
On Wed Dec 31 2014 at 1:21:18 PM Donald Stufft <don...@stufft.io> wrote:

> On Dec 30, 2014, at 8:24 PM, Nick Coghlan <ncogh...@gmail.com> wrote:
>
>> On 23 December 2014 at 04:15, Vladimir Diaz <vladimir.v.d...@gmail.com>
>> wrote:
>>
>>> On Mon, Dec 22, 2014 at 11:30 AM, Nick Coghlan <ncogh...@gmail.com>
>>> wrote:
>>>
>>>> From my perspective, the split into two PEPs meant most of the areas
>>>> I have doubts about have been moved to the end-to-end security model
>>>> in PEP 480, leaving PEP 458 to cover the simpler task of securing the
>>>> link from PyPI to the end user in such a way that public mirrors of
>>>> packages can be trusted to accurately reflect the content published
>>>> by PyPI.
>>>
>>> I think splitting the proposal into two PEPs was the right decision.
>>> We hope working with Donald on the end-to-end security model (PEP
>>> 480), and feedback from the community, will help to address any
>>> remaining questions. Excluding the end-to-end option from the revised
>>> version of PEP 458 also made room for an overview of the metadata and
>>> framework, which was requested by multiple members of the community.
>>
>> An off-list question from Richard made me realise we should likely
>> retitle the two PEPs slightly. I'd suggest the following names:
>>
>> PEP 458: Surviving a compromise of the PyPI CDN
>
> This isn't exactly right either, because it won't survive a compromise
> of the CDN for *uploading*, but it might be close enough not to matter.
> Perhaps better would be something about not relying on TLS or something.
>
>> PEP 480: Surviving a compromise of PyPI
>>
>> That encapsulates the difference between the threat model of the two
>> PEPs in a way that the current titles don't quite convey (the reduced
>> scope of PEP 458 in particular means that the current title is actually
>> outright wrong - protecting against a compromise of PyPI itself is the
>> scope that was moved to PEP 480).
>>
>> The reduced scope of PEP 458 also still protects against the compromise
>> of read-only mirrors, but I don't think we need to try to capture that
>> directly in the title.
>>
>> Cheers,
>> Nick.
>>
>> --
>> Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia
>> _______________________________________________
>> Distutils-SIG maillist - Distutils-SIG@python.org
>> https://mail.python.org/mailman/listinfo/distutils-sig
>
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA