On 22 March 2018 at 05:03, wrote:
> After spending quite some time thinking about this, I've decided to cut
> out the wheel signature related features from the wheel codebase,
> unless there is significant resistance among the readers of this
> mailing list. For those
to, 2018-03-22 kello 21:44 +1000, Nick Coghlan kirjoitti:
> On 22 March 2018 at 05:03, wrote:
> > After spending quite some time thinking about this, I've decided to
> > cut
> > out the wheel signature related features from the wheel codebase,
> > unless there is
On 22 March 2018 at 22:35, wrote:
> I am not changing the format of RECORD, I'm simply removing the
> cryptographic signing and verifying functionality, just the way you
> described. Hash checking will stay. As we agreed earlier, those
> features could be deprecated or
On Mon, Mar 19, 2018, at 12:37 PM, Thomas Kluyver wrote:
> If we're happy with that, I can also look at changing the glibc
> version thing, but that will probably involve a bit more actual
> thought. ;-)
I've opened another PR for this:
https://github.com/python/peps/pull/597
Even if no maintenance were required, it's still a feature that promises to
provide security but doesn't. This kind of feature has negative value.
I'd also suggest adding a small note to the PEP documenting that the
signing feature didn't work out, and maybe linking to Donald's package
signing
What maintenance is required?
Here's a link to the previous discussion of this issue:
"Remove or deprecate wheel-signing features"
https://github.com/pypa/wheel/issues/196
What has changed? There is still no method for specifying a keyring;
whereas with GPG, all keys in the ring are trusted.
to, 2018-03-22 kello 13:57 -0400, Wes Turner kirjoitti:
> What maintenance is required?
It's hard to say for sure, since that depends on what requirements come
up in the future. One thing this certainly affects is the test suite
which I plan to rewrite because I feel it is woefully inadequate.
The feature was a building block that was intended to be used in much the
same way that SHA package hashes are used, providing similar security to
the ssh-style TOFU model, but less security than other imaginable public
key systems. The idea was that it could provide more security in practice
On Thursday, March 22, 2018, Daniel Holth wrote:
> The feature was a building block that was intended to be used in much the
> same way that SHA package hashes are used, providing similar security to
> the ssh-style TOFU model, but less security than other imaginable public
>
Hi Wes,
On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner wrote:
>
> The hashes serve as file integrity check but provide no assurance that
> they are what the author intended to distribute because there is no
> cryptographic signature.
>
> File hashes help detect bit flips --
You don't need a traditional CA for use with TUF or need to worry about a
single PKI. TUF is built to be resilient to the compromise of single
servers / keys.
Typically you would ship the metadata about what keys to trust (TUF's "root
metadata") with the software installation tool. This single
TUF, Warehouse, Pip, PyPA, ld-signatures, ed
"PEP 480 -- Surviving a Compromise of PyPI"
https://www.python.org/dev/peps/pep-0458/
"PEP 480 -- Surviving a Compromise of PyPI: The Maximum Security Model"
https://www.python.org/dev/peps/pep-0480/
I need to spend time reviewing these PEPs.
On Thursday, March 22, 2018, wrote:
> to, 2018-03-22 kello 16:40 -0400, Wes Turner kirjoitti:
>
>
>
> On Thursday, March 22, 2018, Daniel Holth wrote:
>
> The feature was a building block that was intended to be used in much the
> same way that SHA
On Thu, Mar 22, 2018, at 9:25 PM, alex.gronh...@nextday.fi wrote:
> I've been wondering about something – zip files already contain CRC
> based checksums for each the stored file. What benefit is there in
> storing a RECORD file which basically duplicates this functionality?
In terms of providing
On Thursday, March 22, 2018, Justin Cappos wrote:
> You don't need a traditional CA for use with TUF or need to worry about a
> single PKI. TUF is built to be resilient to the compromise of single
> servers / keys.
>
> Typically you would ship the metadata about what keys to
to, 2018-03-22 kello 16:40 -0400, Wes Turner kirjoitti:
> On Thursday, March 22, 2018, Daniel Holth wrote:
> > The feature was a building block that was intended to be used in
> > much the same way that SHA package hashes are used, providing
> > similar security to the ssh-style
> Warehouse is already a SPOF.
> That's a hefty responsibility that contributions should support.
>
Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server
(and all keys on it) need not allow an attacker to compromise many users.
The details are in the Diplomat
On Thu, Mar 22, 2018 at 6:15 PM, Justin Cappos wrote:
>
>
>> Warehouse is already a SPOF.
>> That's a hefty responsibility that contributions should support.
>>
>
> Warehouse doesn't need to be a SPOF. A compromise of the Warehouse server
> (and all keys on it) need not allow
Just as an FYI, as of this morning we’ve started doing brownouts of the
deprecated TLS versions. For the first 10 minutes of each hour anyone
attempting to access PyPI with TLSv1.0 or TLSv1.1 will get a 403 response with
an informative error.
As we get closer to the deadline I will be ramping
19 matches
Mail list logo