On Fri, Mar 23, 2018, at 6:56 AM, alex.gronh...@nextday.fi wrote:
> If someone wanted to make a malicious file, what's preventing them
> from modifying the RECORD to match the modified file when there is no
> cryptographic signing involved?
Right: you need a way to verify RECORD on top of that.
to, 2018-03-22 kello 21:56 +, Thomas Kluyver kirjoitti:
> On Thu, Mar 22, 2018, at 9:25 PM, alex.gronh...@nextday.fi wrote:
>
> > I've been wondering about something – zip files already contain CRC
> > based checksums for each the stored file. What benefit is there in
> > storing a RECORD
On Thursday, March 22, 2018, Justin Cappos wrote:
> You don't need a traditional CA for use with TUF or need to worry about a
> single PKI. TUF is built to be resilient to the compromise of single
> servers / keys.
>
> Typically you would ship the metadata about what keys to
On Thu, Mar 22, 2018, at 9:25 PM, alex.gronh...@nextday.fi wrote:
> I've been wondering about something – zip files already contain CRC
> based checksums for each the stored file. What benefit is there in
> storing a RECORD file which basically duplicates this functionality?
In terms of providing
On Thursday, March 22, 2018, wrote:
> to, 2018-03-22 kello 16:40 -0400, Wes Turner kirjoitti:
>
>
>
> On Thursday, March 22, 2018, Daniel Holth wrote:
>
> The feature was a building block that was intended to be used in much the
> same way that SHA
to, 2018-03-22 kello 16:40 -0400, Wes Turner kirjoitti:
> On Thursday, March 22, 2018, Daniel Holth wrote:
> > The feature was a building block that was intended to be used in
> > much the same way that SHA package hashes are used, providing
> > similar security to the ssh-style
You don't need a traditional CA for use with TUF or need to worry about a
single PKI. TUF is built to be resilient to the compromise of single
servers / keys.
Typically you would ship the metadata about what keys to trust (TUF's "root
metadata") with the software installation tool. This single
Hi Wes,
On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner wrote:
>
> The hashes serve as file integrity check but provide no assurance that
> they are what the author intended to distribute because there is no
> cryptographic signature.
>
> File hashes help detect bit flips --
On Thursday, March 22, 2018, Daniel Holth wrote:
> The feature was a building block that was intended to be used in much the
> same way that SHA package hashes are used, providing similar security to
> the ssh-style TOFU model, but less security than other imaginable public
>
The feature was a building block that was intended to be used in much the
same way that SHA package hashes are used, providing similar security to
the ssh-style TOFU model, but less security than other imaginable public
key systems. The idea was that it could provide more security in practice
Even if no maintenance were required, it's still a feature that promises to
provide security but doesn't. This kind of feature has negative value.
I'd also suggest adding a small note to the PEP documenting that the
signing feature didn't work out, and maybe linking to Donald's package
signing
to, 2018-03-22 kello 13:57 -0400, Wes Turner kirjoitti:
> What maintenance is required?
It's hard to say for sure, since that depends on what requirements come
up in the future. One thing this certainly affects is the test suite
which I plan to rewrite because I feel it is woefully inadequate.
What maintenance is required?
Here's a link to the previous discussion of this issue:
"Remove or deprecate wheel-signing features"
https://github.com/pypa/wheel/issues/196
What has changed? There is still no method for specifying a keyring;
whereas with GPG, all keys in the ring are trusted.
On 22 March 2018 at 22:35, wrote:
> I am not changing the format of RECORD, I'm simply removing the
> cryptographic signing and verifying functionality, just the way you
> described. Hash checking will stay. As we agreed earlier, those
> features could be deprecated or
to, 2018-03-22 kello 21:44 +1000, Nick Coghlan kirjoitti:
> On 22 March 2018 at 05:03, wrote:
> > After spending quite some time thinking about this, I've decided to
> > cut
> > out the wheel signature related features from the wheel codebase,
> > unless there is
On 22 March 2018 at 05:03, wrote:
> After spending quite some time thinking about this, I've decided to cut
> out the wheel signature related features from the wheel codebase,
> unless there is significant resistance among the readers of this
> mailing list. For those
16 matches
Mail list logo