At 2023-11-15T14:58:15+0000, Jeremy Stanley wrote: > I replied to you there too, but you still never seemed to be able to > explain... why do you need to put an OpenPGP key on the service > you're using to upload Python packages (not Debian packages) to > PyPI, given that PyPI doesn't support uploading OpenPGP signatures > anyway?
Yeah, this seems really scary to me. The private key of a public/private key pair associated with an identifiable individual should absolutely be under the _exclusive_ control of that individual. Including read access. I thought this idea was, like, practical crypto 101. Am I missing something? > Yes I'm also annoyed that they saw no value in software authors > uploading signatures for their release artifacts, I argued > repeatedly in favor of keeping it, but the PyPI maintainers (rightly > or wrongly) saw it as a mostly-unused attractive nuisance, and > assert that their more recent addition of HTTPS and strong checksums > mostly serves the purpose of users being able to double-check that > what they downloaded is what PyPI meant to serve them (even if they > can't as easily double-check that what they downloaded is what the > author believes was originally uploaded). It's funny how the same arguments recur over time. Back in 2001, Ben Collins, John Goerzen, and Wichert Akkerman tried to get this same sort of thing into practice into Debian, and faced a wall of indifference from the archive administration team[1]. One may recognize this approach to package signing as a Merkle tree, an old concept even at the time that was popularized as a thoroughly innovative lightning stroke of genius called "blockchain" several years later. (I seem to remember that John and I worked on a brief USENIX-style white paper describing this, but I've long since lost track of it. I also don't remember if we tried to submit it for DebConf 1 or 2.[8]) I was excited by this development at the time, because it provided a user-verifiable chain of custody for source bits. You could have nested signatures by the (source) package uploader, the party who built the binary package, and one by each/any archive host. I recall from IRC that some of the resistance was due to a vague notion that package signing was suspect because John and I were drawing salaries from Ian Murdock's company, Progeny Linux Systems; that some hidden agenda was therefore at work[2], producing an undisclosed conflict of interest. Some of these same people suddenly perceived massive _synergies_ of interest when they themselves started drawing salaries from Mark Shuttleworth's Canonical Software. All of a sudden, they couldn't endorse external agendas enough. Go figure. It's noteworthy to me that, despite much more widespread understanding of Merkle trees nowadays[3], one's opinion of the value of nested, signed checksums seems to have a strong negative correlation with one's status as an administrator of a centralized repository, such that only the last link in the chain of custody is considered important. With that threat model, there's no need to compromise any packager's or uploader's key; you conduct an injection attack on the archive directly. And _that's_ something that's never happened to anyone, right?[7] Regards, Branden [1] a.k.a. "ftpmasters", a term I have always refused to use because it is too depressingly Nietzchean--if there's anything that team wasn't lacking back them, it as a Will to Power... https://lists.debian.org/debian-dpkg/2001/03/msg00024.html [2] Such a fear isn't crazy. Plenty of startups predicate their promises of future profitability on some sort of "secret sauce" or process of market capture. But there would not have been any way to convince anyone of that at the time. As the saying goes, "you can't reason someone out of a belief they weren't reasoned into". As it happened, (A) John and I would have been opposed to any such unethical leveraging effort had one been on offer;[4] (B) Ben and Wichert weren't affiliated with or compensated by Progeny in any way;[5] (C) the design and implementation of the initiative were completely transparent, and their applicability to the problem of an indeterminate chain of (bit-modifying) custody obvious; and (D) while it was pursuing a business plan of "get acquired for an absurd amount of money", the company's strategic direction whipped to and fro like an unmoored fire hose, depending on whatever Ian was reading (or who he was talking to) at the time...I suspect that these were frequently investors who knew far less about the industry than he did. Culturally, it doesn't seem that we've gotten any better distinguish wealth (or the illusion thereof[6]) from domain knowledge, competence, or virtuous character. [3] Well, maybe not. For one rollicking, schadenfreude-inducing tale of vapidity, cupidity, and stupidity after another, see <https://davidgerard.co.uk/blockchain/book/>. [4] Years later, I learned that my ethical principles almost got me fired. Story for another time... [5] To my knowledge. The company didn't open its books to its staff until much, much later, under different leadership, and when the place was in desperate straits. It was and remains a radical move, a fact I've always found fascinating. Capitalists bray and bleat about the infallible wisdom of the market, when a necessary precondition of a market's ability of find an optimal equilibrium between supply and demand is predicated, among several other factors, on perfect information. (Don't take my word for it; read Kenneth Arrow and Gérard Debreu.) In practice, they love secrets as much as--or more than--Joseph Stalin and Lavrentiy Beria did. There is also the massively distorting effect of "limited liability", but I digress. [6] https://www.reuters.com/legal/ftx-founder-sam-bankman-fried-thought-rules-did-not-apply-him-prosecutor-says-2023-11-02/ [7] https://www.bleepingcomputer.com/news/security/hundreds-of-malicious-python-packages-found-stealing-sensitive-data / https://arstechnica.com/information-technology/2022/08/10-malicious-python-packages-exposed-in-latest-repository-attack/ https://arstechnica.com/information-technology/2020/04/725-bitcoin-stealing-apps-snuck-into-ruby-repository/ https://arstechnica.com/information-technology/2021/12/malicious-packages-sneaked-into-npm-repository-stole-discord-tokens/ [8] I suspect we didn't. DebConf 1 was way over in Europe and Progeny wasn't going to spend the money to send anyone but Ian overseas at that point. DebConf 2 was at York University in Toronto and Progeny _did_ send a generous delegation. But John might have left the company by then, and I remember that, faced with the archive admins' enduring opposition, we all pretty much gave up trying to advance the state of the art in that direction.
signature.asc
Description: PGP signature