Absolutely. Nick, thanks for helping to clarify that tasks #6-7 are,
indeed, handled by TUF.
Giovanni, we would certainly like to comment on your design document as
soon as we find the time. In fact, we are going to have a TUF hackathon
here in a few hours, and we hope to make more progress
On 13 Feb, 2013, at 15:21, Nick Coghlan ncogh...@gmail.com wrote:
For now, though, we would probably start off with
release/target/timestamp roles sharing a key, all threshold values set
to 1, and just doing simple project based target delegation to user
keys. Given the existing GPG
On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren ronaldousso...@mac.com wrote:
On 13 Feb, 2013, at 15:21, Nick Coghlan ncogh...@gmail.com wrote:
For now, though, we would probably start off with
release/target/timestamp roles sharing a key, all threshold values set
to 1, and just doing
On 14 Feb, 2013, at 11:25, Nick Coghlan ncogh...@gmail.com wrote:
On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren ronaldousso...@mac.com
wrote:
On 13 Feb, 2013, at 15:21, Nick Coghlan ncogh...@gmail.com wrote:
For now, though, we would probably start off with
Il giorno 14/feb/2013, alle ore 12:00, Ronald Oussoren ronaldousso...@mac.com
ha scritto:
On 14 Feb, 2013, at 11:25, Nick Coghlan ncogh...@gmail.com wrote:
On Thu, Feb 14, 2013 at 6:46 PM, Ronald Oussoren ronaldousso...@mac.com
wrote:
On 13 Feb, 2013, at 15:21, Nick Coghlan
Il giorno 13/feb/2013, alle ore 04:31, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Wed, Feb 13, 2013 at 2:27 AM, Giovanni Bajo ra...@develer.com wrote:
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo
On 13 February 2013 15:12, Giovanni Bajo ra...@develer.com wrote:
Yes, that's correct. GPG chain-of-trust concept is not used in my proposal,
because I don't think it would be a good fit for this problem given its
requirements. Specifically, I believe pip users should not be bothered with
Il giorno 13/feb/2013, alle ore 11:29, Robert Collins
robe...@robertcollins.net ha scritto:
On 13 February 2013 15:12, Giovanni Bajo ra...@develer.com wrote:
Yes, that's correct. GPG chain-of-trust concept is not used in my proposal,
because I don't think it would be a good fit for this
On Wed, Feb 13, 2013 at 7:58 PM, Giovanni Bajo ra...@develer.com wrote:
Il giorno 13/feb/2013, alle ore 04:31, Nick Coghlan ncogh...@gmail.com ha
scritto:
TUF's target delegation is thus in direct competition to the trusted
keys file in your design. TUF specifically aims to take care of the
On 14 Feb 2013 03:59, Donald Stufft donald.stu...@gmail.com wrote:
On Wednesday, February 13, 2013 at 5:29 AM, Robert Collins wrote:
On 13 February 2013 15:12, Giovanni Bajo ra...@develer.com wrote:
Yes, that's correct. GPG chain-of-trust concept is not used in my
proposal,
because I don't
Il giorno 12/feb/2013, alle ore 08:57, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 10:39 AM, Donald von Stufft
donald.stu...@gmail.com wrote:
The folks on the ruby side of things who are dealing with a lot of
the same problems as Python/PyPI is have put together a
[posted on behalf of Donald Stufft]
The folks on the ruby side of things who are dealing with a lot of
the same problems as Python/PyPI is have put together a document
containing a threat model and requirements of the system. While the
terminology is obviously ruby specific the concepts all apply
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo ra...@develer.com wrote:
Hello Nick,
I've added the initial Requirements and Thread Model section to my document.
I've also added a section Future scenarios at the end of the document.
I hope they complete what you were feeling was missing
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo ra...@develer.com wrote:
Hello Nick,
I've added the initial Requirements and Thread Model section to my document.
I've also added a section Future scenarios
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com wrote:
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com
ha scritto:
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo ra...@develer.com
wrote:
Hello Nick,
I've added the initial Requirements and
Il giorno 12/feb/2013, alle ore 18:44, Daniel Holth dho...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com wrote:
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo
On Tuesday, February 12, 2013 at 12:44 PM, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com
(mailto:ra...@develer.com) wrote:
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com
(mailto:ncogh...@gmail.com) ha scritto:
On Tue,
On Tue, Feb 12, 2013 at 1:39 PM, Jesse Noller jnol...@gmail.com wrote:
On Tuesday, February 12, 2013 at 1:36 PM, Donald Stufft wrote:
On Tuesday, February 12, 2013 at 1:22 PM, Jesse Noller wrote:
On Tuesday, February 12, 2013 at 12:44 PM, Daniel Holth wrote:
On Tue, Feb 12,
On Tuesday, February 12, 2013 at 1:50 PM, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 1:39 PM, Jesse Noller jnol...@gmail.com
(mailto:jnol...@gmail.com) wrote:
On Tuesday, February 12, 2013 at 1:36 PM, Donald Stufft wrote:
On Tuesday, February 12, 2013 at 1:22 PM, Jesse Noller
On Tue, Feb 12, 2013 at 12:44 -0500, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com wrote:
Your Task #6/#7 (related to PyPI generating the trust file, and pip
verifying it) are the ones where I think the input of the TUF team
will be most
On 02/12/2013 02:07 PM, Donald Stufft wrote:
Additionally their mailing for discussing this
is rubygems-develop...@rubyforge.org
mailto:rubygems-develop...@rubyforge.org for anyone who want to get
some cross language collab going on :)
Here is another way to subscribe to that mailing list:
On Tue, Feb 12, 2013 at 2:20 PM, holger krekel hol...@merlinux.eu wrote:
On Tue, Feb 12, 2013 at 12:44 -0500, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com
wrote:
Your Task #6/#7 (related to PyPI generating the trust file, and pip
verifying
On Feb 12, 2013, at 2:20 PM, holger krekel wrote:
On Tue, Feb 12, 2013 at 12:44 -0500, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com wrote:
Your Task #6/#7 (related to PyPI generating the trust file, and pip
verifying it) are the ones where I think
On Tuesday, February 12, 2013 at 3:34 PM, Konstantin Andrianov wrote:
On Feb 12, 2013, at 2:20 PM, holger krekel wrote:
On Tue, Feb 12, 2013 at 12:44 -0500, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com
(mailto:ra...@develer.com) wrote:
Il giorno 12/feb/2013, alle ore 21:07, Daniel Holth dho...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 2:20 PM, holger krekel hol...@merlinux.eu wrote:
On Tue, Feb 12, 2013 at 12:44 -0500, Daniel Holth wrote:
On Tue, Feb 12, 2013 at 11:27 AM, Giovanni Bajo ra...@develer.com wrote:
On Wed, Feb 13, 2013 at 2:27 AM, Giovanni Bajo ra...@develer.com wrote:
Il giorno 12/feb/2013, alle ore 14:12, Nick Coghlan ncogh...@gmail.com ha
scritto:
On Tue, Feb 12, 2013 at 10:09 PM, Giovanni Bajo ra...@develer.com wrote:
Hello Nick,
I've added the initial Requirements and Thread
On Monday, February 11, 2013 at 8:50 PM, Richard Jones wrote:
[posted on behalf of Donald Stufft]
The folks on the ruby side of things who are dealing with a lot of
the same problems as Python/PyPI is have put together a document
containing a threat model and requirements of the system.
27 matches
Mail list logo