Hi! [email protected] skribis:
> * Does Guix defend against the variety of attacks described in the TUF > threat model document? (described in link below) How resilient is it > against key compromise? (TUF was designed from the ground up to > provide a highly resilient and secure update framework as a drop in > replacement to crappy standalone updaters - a problem that's become > very serious for proprietary OSes. The security research and > implementation behind it are an excellent rubric that one can apply to > any updater/package manager.) > > https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md The short answer is: not yet. The longer answer is that TUF is biased towards “traditional” package managers where the main asset is a binary package archive. Guix is conceptually a source-based package manager, so what we want to authenticate is Git checkouts of Guix itself. TUF needs to be “ported” to this model. We’ll address this hopefully within a few months, and definitely by 1.0: https://bugs.gnu.org/22883 Ludo’.
