On Saturday, 8 September 2018 at 00:53:33 UTC, Neia Neutuladh wrote:
On Saturday, 8 September 2018 at 00:04:08 UTC, Everlast wrote:
Seems there are a few good suggestions.

Here is another:

Have dub have the ability to submit patches when a previously broken package compiles.

So I identify a package that doesn't compile anymore and submit a patch that adds a bitcoin miner and sets fire to your cat?

There are ways around this:

1. If the code is just a few lines and does not escape then it is marked safe and is safe.

This probably gets at least 50% of all patches because it is from a bug that is a few lines of code.

2. Require users to log in to be able to submit changes. Users must wait a week after registering to sub changes and can only submit so many changes per day.
They can submit more but they are flagged.

3. Commits to the end user side can be reviewed.

4. A forum thread is generated for each project with sub threads for each commit. These can be "rated" for how well they fix the problem by others and people can discuss them, sort of like bugzilla but better(more forum like).


5. large changes are automatically committed but are not automatically used. They must be marked as valid by the maintainer of the project or the community.


Basically your argument is that we should throw the baby out with the bath water because MAYBE the baby will grow up to be Hitler. Your logic is the same as cops who say "I should kill this guy now because MAYBE he has a gun" or any other insane thing that is a "MAYBE" but actually very unlikely.


Instead of assuming the most unlikely case, which is insane, it is better to assume the most likely case and then add in the necessary checks to deal with the unlikely cases.


Because, you know, I could download a dub package right now that does exactly what you just said, so it is really irrelevant. The only thing having dub automatically handle it all for you would do is give someone a little more incentive to try and make it happen that way. But seriously, do you think this would be a common attack vector for psychopaths?

When you make it 99.9999% likely they will be ineffective then who cares what they do. If it does happen, the chances are it will fail for various reasons. It it is probably 1 in a billion shot that they will create a patch that will be effective for what they want(to get your bank account, or whatever).

It's much more likely that other routes would be more effective and since psychopaths are only worried about being successful they are not going to waste their time with an attack vector that is almost surely not going to succeed.

Basically those that are in such a secure environment are also not going to make it easy(e.g., they will use a VM alternate OS, sandbox, etc).

Those that don't really care don't have much to lose so it wouldn't matter if the attacker was successful.

6. Users can define levels for automatically including code - 0 for automatic, all cases
1 - When patches do not escape
2 - When patches do not escape and are less than x KB or y lines.
3 - When forum rating > 10 people and 90%
...
X - Review all changes
Y - Ignore all
etc...

This way paranoid users can opt out. If, say, psychopaths do start using D to spread their insanity, then people can just switch to a more secure level and it will squash the problem quickly making it less an incentive for the attackers.


So, you see, there are plenty of solutions that can solve your hypothetical reason for squashing something that would be very practical.

There is absolutely no reason to throw the baby out... none! Don't allow it to turn in to a Hitler, it's not the babies fault, it's yours for what you teach it.

Meaning, there is no reason to not have dub automate everything as much as possible for hypothetical security concerns... Teach dub how to deal with them to a high enough degree that anyone attempting such things will be shut down quickly. It's not 100% but nothing is. After all, we are not even talking about something that hackers have ever used as an attack vector before... it's not even in the realm of what they are after(it's not just system control because most systems are useless).


If dub packages were scoped to a user, then you could fork a dub package more easily. Then the dub registry page for that package could contain both the information "this package doesn't compile with DMD > 2.65.0" and "this package has a more up-to-date fork that compiles with DMD > 2.068.0".

That means I can't hijack your project, which is good, but updating broken dependencies takes manual intervention, which is bad.

Yes, but if one just makes it a bit more intelligent one can solve the problem PROPERLY!

I'm not saying my solutions are what should be done because I'm just throwing out rough ideas. What I'm saying is that THERE IS A PROPER SOLUTION!

It would take people communicating in an organized and structured way to come up with that proper solution.

This means a group of people deciding that it should be done and that they will work together to solve the problem by coming up with the correct solution then coding that solution. It would take months, not days and it would involve a lot of people working together which requires organization to be effective. It can't be done on a forum like this.



Reply via email to