On Thu, Mar 22, 2018 at 6:15 PM, Justin Cappos <jcap...@nyu.edu> wrote:
>
>> Warehouse is already a SPOF.
>> That's a hefty responsibility that contributions should support.
>>
>
> Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server
> (and all keys on it) need not allow an attacker to compromise many users.
> The details are in the Diplomat
> <https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/kuppusamy>
> paper, but the gist is that you can have some rarely used, offline keys
> that are stored by folks like Donald, etc. and a quorum of those trusted
> users would need to be malicious to cause substantial harm to users.
>
> However, you can have whatever trust / key distribution / storage model
> makes sense. TUF doesn't force you to use some pre-ordained model. It has
> flexibility to support a variety of workflows, including many with good
> security properties.
>
>> Would [offline] package mirrors and the CDN still work for/with TUF keys?
>>
>
> Yes, this works just fine. CDNs / mirrors do not change in any way.
>

+1 (I'm logging off work for today, but happy to discuss more tomorrow)
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
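The quorum idea Justin describes above (a server compromise yields only the online keys, while root/targets need a threshold of offline keys held by different people) is easy to misread as "more keys". What actually protects users is the verifier's counting rule, so here is an added toy model of it. This is not code from the thread, from Warehouse or from any TUF implementation; all keys and package entries are constructed inline, and HMAC-SHA256 is used as a stand-in for the public-key signatures TUF really uses (so the verifier below holds the same key bytes as the signer, which a real TUF client would not). The role, keyid and threshold logic is what the example is about.

```python
import hashlib
import hmac
import json
import secrets

# Toy model of TUF-style quorum (threshold) verification, written for this note.
# ASSUMPTION: HMAC-SHA256 stands in for TUF's public-key signatures, so the
# verifier here holds the same key bytes as the signer. A real TUF client
# holds only public keys; the role/threshold logic below does not depend on that.


def canonical(signed: dict) -> bytes:
    """Deterministic serialisation so signer and verifier MAC identical bytes."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def keyid(key: bytes) -> str:
    """Key identifier; TUF likewise derives keyids by hashing the (public) key."""
    return hashlib.sha256(key).hexdigest()[:16]


def sign(signed: dict, keys: list) -> dict:
    """Wrap a 'signed' body with one signature per key (TUF-style envelope)."""
    payload = canonical(signed)
    return {
        "signed": signed,
        "signatures": [
            {"keyid": keyid(k), "sig": hmac.new(k, payload, "sha256").hexdigest()}
            for k in keys
        ],
    }


def verify_role(role: str, metadata: dict, root_signed: dict, keyring: dict) -> bool:
    """Accept metadata for `role` only if at least `threshold` DISTINCT keys that
    root authorises for that role produced valid signatures over the body."""
    spec = root_signed["roles"][role]
    authorised = set(spec["keyids"])
    payload = canonical(metadata["signed"])
    valid = set()
    for entry in metadata["signatures"]:
        kid = entry["keyid"]
        if kid not in authorised or kid not in keyring:
            continue  # unknown or unauthorised key contributes nothing
        expected = hmac.new(keyring[kid], payload, "sha256").hexdigest()
        if hmac.compare_digest(expected, entry["sig"]):
            valid.add(kid)  # a set: one key signing twice still counts once
    return len(valid) >= spec["threshold"]


def scenario() -> dict:
    """Constructed setup: five offline keys held by different maintainers
    (threshold 3 for root/targets), two online keys living on the server."""
    offline = [secrets.token_bytes(32) for _ in range(5)]
    timestamp_key, snapshot_key = secrets.token_bytes(32), secrets.token_bytes(32)
    keyring = {keyid(k): k for k in offline + [timestamp_key, snapshot_key]}
    root_signed = {
        "_type": "root",
        "roles": {
            "root": {"keyids": [keyid(k) for k in offline], "threshold": 3},
            "targets": {"keyids": [keyid(k) for k in offline], "threshold": 3},
            "snapshot": {"keyids": [keyid(snapshot_key)], "threshold": 1},
            "timestamp": {"keyids": [keyid(timestamp_key)], "threshold": 1},
        },
    }
    good = {"_type": "targets", "targets": {"pkg-1.0.tar.gz": {"length": 1234}}}
    evil = {"_type": "targets", "targets": {"pkg-1.0.tar.gz": {"length": 9999}}}

    def check(role, md):
        return verify_role(role, md, root_signed, keyring)

    return {
        # day-to-day operation: online key signs timestamp, maintainers sign targets
        "timestamp_online_ok": check("timestamp", sign({"_type": "timestamp"}, [timestamp_key])),
        "targets_quorum_ok": check("targets", sign(good, offline[:3])),
        # server compromise: every online key, no offline key
        "server_keys_cannot_forge_targets": check("targets", sign(evil, [timestamp_key, snapshot_key])),
        # one stolen offline key plus the online keys is still below the quorum
        "one_offline_key_insufficient": check("targets", sign(evil, [offline[0], timestamp_key, snapshot_key])),
        # the same stolen key repeated three times is still one key
        "repeated_key_not_counted": check("targets", sign(evil, [offline[0]] * 3)),
        # body altered after a valid quorum signed it
        "tampered_body_rejected": check("targets", dict(sign(good, offline[:3]), signed=evil)),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The two details worth carrying over to any real verifier are the `set` of keyids (so a single compromised key cannot satisfy a threshold by signing repeatedly) and the check that a keyid is authorised for *this* role (so online snapshot/timestamp keys, which a server compromise does yield, are worthless against targets or root). Swapping HMAC for Ed25519 or RSA verification changes only the two `hmac.new` lines.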