On 08/12/10 08:13, Ketil Malde wrote:
My apologies for not expressing myself more clearly. What I mean is
that currently, Hackage has a ton of users, each of whom may at whim
upload a new version of any library. It's not clear to me that security
is significantly worsened by adding a mirror.
Assume I am out with ill intent: I can now either a) set up a mirror,
replace some central library with my evil trojan, launch a DOS attack
against hackage.haskell.org to get users to switch, and gloat in my
secret castle as I await the fruits of my cunning schemes -- or I can
b) just upload my trojan library to hackage directly.
You have to start somewhere with security.
I think that an uploaded trojan library would be at least detectable as
such, since the uploading user would have change (i'm not sure that what
you had in mind ?).
Whereas on a mirror, it would be completely transparent to the users.
As a first step, having the hackage server and its users trusted, is
hopefully reasonable. And then you can build up from there. This would
be nice to be proactive before we actually detect such a thing, and we
have to build a security infrastructure anyway ;)
--
Vincent
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
