On Fri, 16 Mar 2012 13:11:37 -0700 (PDT) David Chan wrote:

> SSL doesn't protect us from a server compromise scenario. Though that
> doesn't matter if the store is a permissions granter, since a
> compromised store can just grant all permissions to rogue app X.

You need a security policy for private key storage and usage. Can it be on the web server? Can it be online, or does a second secure signing system have to be employed that provides signed data over a VPN, or does the web server have to be chrooted without PHP or other more risky technologies, etc.?

I think an active store such as a code reviewer like a Debian repo is great to cater for, but that is powered by the community. Most stores for closed source will likely be braindead machines that depend on developers, won't they? How does the store cover the cost for permission review/management?

kernel.org got compromised and it is said not to have mattered too much because the devs sign all updates and watch all open source! commits, but they still made a real bad job of the live system design even though they have a bloomin flying backup verification data centre from Google that I hope isn't wasting fuel always/often.

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
