Hi folks,

The recent Docker 1.8 release was the first one to include their new content signing system, which is described well in this post: https://blog.docker.com/2015/08/content-trust-docker-1-8/

The reason I bring that up here is because the Docker Content Trust system is based on The Update Framework, which is the same system we've been exploring for PyPI package signing in PEPs 458 and 480.

The part I particularly like is the way they have handled the trust establishment process for content signing: they use a "trust on first use" model by default, similar to that used in SSH. This means there is still a reliance on HTTPS and the CA system, but only for the task of bootstrapping TUF in a way that allows new clients to obtain the public signing certificate of the repo publisher transparently. Once the initial trust relationship with a public repo like PyPI or a private repo within a company or other organisation has been established, later compromises of the CA system don't provide the ability to forge package signatures.

Also of potential interest is the TUF-based signing infrastructure that Docker built, Notary: https://github.com/docker/notary

While I don't have a strong personal preference one way or the other, finding a way to reuse that does seem like it could be an interesting architectural alternative to building signing capabilities directly into Warehouse itself.

Regards,
Nick.

--
Nick Coghlan | [email protected] | Brisbane, Australia
_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
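The trust-on-first-use bootstrap described in the post above, as an added illustration that is not part of the original message, of Docker Content Trust, of Notary or of TUF: a client pins the repository's signing key the first time it contacts the repo (the only step where HTTPS and the CA system are relied on), and afterwards accepts only metadata that verifies under the pinned key, so a server that later passes a TLS handshake with a different key is rejected. The repo name `pypi`, the `TofuClient` class, the key bytes and the metadata are all constructed for the example. One simplification is flagged in the code: the asymmetric signatures TUF uses are stood in for by HMAC-SHA256 so the example runs with the standard library alone, which means the "verification key" is also the signing secret; the pinning and verification logic is the part being demonstrated.

```python
"""Trust-on-first-use pinning of a repository signing key, in the style of
the Docker Content Trust / TUF bootstrap.  Added example, standard library
only; HMAC stands in for the asymmetric signatures real TUF uses."""
import hashlib
import hmac
import json


def key_id(verification_key: bytes) -> str:
    """Fingerprint the client pins (TUF identifies keys by a hash as well)."""
    return hashlib.sha256(verification_key).hexdigest()


def sign(signing_key: bytes, payload: bytes) -> str:
    """Stand-in for an asymmetric signature (assumption: HMAC-SHA256)."""
    return hmac.new(signing_key, payload, hashlib.sha256).hexdigest()


def verify(verification_key: bytes, payload: bytes, signature: str) -> bool:
    """Constant-time check of the stand-in signature."""
    return hmac.compare_digest(sign(verification_key, payload), signature)


class PinMismatch(Exception):
    """The repo presented a key other than the one pinned on first use."""


class BadSignature(Exception):
    """Metadata did not verify under the presented (pinned) key."""


class TofuClient:
    """Pins a repo's key on first contact, then only accepts metadata
    signed by that key, regardless of what the TLS layer vouched for."""

    def __init__(self):
        self.pinned = {}  # repo name -> pinned key id

    def fetch_metadata(self, repo: str, response: dict) -> dict:
        # `response` stands for what arrived over HTTPS: the repo's key plus
        # signed metadata.  HTTPS/CA trust only matters on the first call.
        presented = key_id(response["key"])
        if repo not in self.pinned:
            self.pinned[repo] = presented  # trust on first use
        elif self.pinned[repo] != presented:
            # A later CA compromise can forge the TLS session, not the pin.
            raise PinMismatch(
                f"{repo}: pinned {self.pinned[repo][:8]}, got {presented[:8]}")
        if not verify(response["key"], response["payload"], response["signature"]):
            raise BadSignature(repo)
        return json.loads(response["payload"])


def make_response(key: bytes, metadata: dict) -> dict:
    """Simulated repository response built with whatever key the server holds."""
    payload = json.dumps(metadata, sort_keys=True).encode()
    return {"key": key, "payload": payload, "signature": sign(key, payload)}


def run_scenario() -> dict:
    """Constructed scenario: honest bootstrap, then a response from a server
    that passes HTTPS (say, via a mis-issued certificate) but holds another key."""
    publisher_key = b"publisher-root-key-(constructed)"
    other_key = b"other-key-(constructed)"
    client = TofuClient()
    results = {}

    first = client.fetch_metadata("pypi", make_response(publisher_key, {"version": 1}))
    results["bootstrap_version"] = first["version"]

    try:  # different key, even with a "valid" TLS session: pin mismatch
        client.fetch_metadata("pypi", make_response(other_key, {"version": 2}))
        results["other_key_accepted"] = True
    except PinMismatch:
        results["other_key_accepted"] = False

    # Right key id but metadata altered after signing: signature check fails.
    # (With the HMAC stand-in the server is given the key bytes to present;
    # with real asymmetric keys it would only hold the public half.)
    tampered = make_response(publisher_key, {"version": 2})
    tampered["payload"] = b'{"version": 3}'
    try:
        client.fetch_metadata("pypi", tampered)
        results["tampered_accepted"] = True
    except BadSignature:
        results["tampered_accepted"] = False

    second = client.fetch_metadata("pypi", make_response(publisher_key, {"version": 2}))
    results["honest_update_version"] = second["version"]
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The pin store is in memory here; a real client persists it (Docker keeps its trust data under the user's home directory), and rotating the publisher key requires an explicit, signed rotation rather than silently accepting whatever key the server presents next.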
