On Mon, Jan 15, 2001 at 09:26:40AM -0500, Mark Rogaski wrote:
> An entity claiming to be David Cantrell ([EMAIL PROTECTED]) wrote:
>
> : And as a matter of fact, I *did* check the script by hand before piping it
> : in to a shell.
Mainly out of interest to see how it did it rather than because I was
paranoid about what it was doing, I should point out :-)
> : Of course, that still doesn't help when it comes to
> : verifying all the binaries involved. Perhaps you're saying we should
> : never install binaries, and should compile everything ourselves. Perhaps
> : we should check every line of code first before compiling.
>
> I never said that I was any less guilty of said idiocy ;)
>
> However, I have to disagree with the all-or-nothing approach to system
> security.
Actually, I agree with you. I was taking a reductio ad absurdam approach
to the claim that Helix's installer was risky, and pointing out that it
is no more risky than lots of stuff that we all do every day. IMO,
Helix's server is sufficiently trustworthy for downloading binaries on my
laptop. If I was downloading stuff to my server I would be more careful.
> A reasonable first step would be to support digital signatures for
> distributions on CPAN.
[rant about verification etc]
> This would, at the very least, reduce the
> vulerability to the problems inherent in public key encryption (key
> management, verification, MitM, etc). By developing a security model for
> CPAN, we shift the weak links to the system rather than the new software.
Ah, OK [snip above rant]. Yeah, all that does is shift the problem
elsewhere, but does not solve it. I fear that this problem is not soluble
given current technology whilst still retaining CPAN's ease of use both
for end-users and for contributors.
Which reminds me, I *really* should get round to uploading my hex thingummy.
--
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david
Any technology distinguishable from magic is insufficiently advanced
