On 10/08/15 16:15, Michael Van Canneyt wrote:
>> 4. All packages in the repository should be signed (e.g. using a GPG user key). Only packages signed using a known key should be allowed to install.
>
> I don't see the point in that.

An online repository is potentially vulnerable to:

- DoS Attacks
- Man in the middle attacks
- Unauthorised modification of repository data

DoS is probably out of scope, and man-in-the-middle could be countered by demanding https only. However, I don't think I would like to claim that any website is invulnerable to unauthorised modification. Hence I propose that a digital signature is available for each file in the repository. The basic idea is that the signing key is only available to an authorised user (probably 3DES encrypted), and thus even if an attacker succeeds in uploading a malicious file, the attack is unsuccessful unless the attacker can persuade the site administrator to sign the file.

This extra level of security should be sufficient to counter such an attack.

Tony



--
_______________________________________________
Lazarus mailing list
[email protected]
http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
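As an added illustration of the per-file signature scheme Tony describes above (example code written for this page, not part of Lazarus or its package repository): the administrator signs each package with a private key that never leaves their machine, the web server stores only the archive and its detached signature, and the installer accepts a package only if the signature verifies under one of the public keys it already knows. Ed25519 from Go's standard library stands in for the GPG user key of the proposal; the package name, archive bytes and the `trusted` key list are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package is one repository entry: the archive bytes plus a detached
// signature, one per file as the proposal asks for.
type Package struct {
	Name string
	Data []byte
	Sig  []byte // Ed25519 signature over digest(Name, Data)
}

// digest binds the package name to its contents, so a valid signature for
// one archive cannot be reused to serve it under another package's name.
func digest(name string, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator so name/data boundaries are unambiguous
	h.Write(data)
	return h.Sum(nil)
}

// SignPackage runs on the administrator's machine, the only place the
// private key exists.
func SignPackage(priv ed25519.PrivateKey, name string, data []byte) Package {
	return Package{Name: name, Data: data, Sig: ed25519.Sign(priv, digest(name, data))}
}

// VerifyPackage runs in the installer. trusted is the set of known
// repository keys shipped with the client; a package signed by any other
// key, or altered after signing, is rejected.
func VerifyPackage(trusted []ed25519.PublicKey, p Package) error {
	d := digest(p.Name, p.Data)
	for _, pub := range trusted {
		if ed25519.Verify(pub, d, p.Sig) {
			return nil
		}
	}
	return errors.New("package " + p.Name + ": no valid signature from a known key")
}

func main() {
	// Administrator side: generate the signing key pair (hypothetical key).
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample archive; real input would be the .zip bytes.
	archive := []byte("PK\x03\x04 contents of lazreport-1.0.zip (constructed)")
	pkg := SignPackage(priv, "lazreport-1.0.zip", archive)
	fmt.Println("signature:", hex.EncodeToString(pkg.Sig))

	// Client side: only the public key is known.
	trusted := []ed25519.PublicKey{pub}
	fmt.Println("genuine package:", VerifyPackage(trusted, pkg))

	// Attacker replaces the archive on the web server but cannot re-sign it.
	tampered := pkg
	tampered.Data = append(append([]byte(nil), archive...), " (malicious patch)"...)
	fmt.Println("tampered package:", VerifyPackage(trusted, tampered))

	// Attacker signs the modified archive with their own key instead.
	_, attackerKey, _ := ed25519.GenerateKey(rand.Reader)
	forged := SignPackage(attackerKey, "lazreport-1.0.zip", tampered.Data)
	fmt.Println("foreign key:", VerifyPackage(trusted, forged))
}
```

The check that matters is the one the installer does: it must pin the known public keys rather than fetch them from the same repository an attacker may have modified. Two caveats a practitioner would add to the proposal: an attacker who controls the repository can still serve an older, genuinely signed version of a package (a rollback) or withhold updates, so the installer should also compare versions against a signed index; and binding the package name into the signed digest, as above, stops a signed archive being substituted for a different package of the same name.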
