Hi Wes,

On Thu, Mar 22, 2018 at 4:40 PM, Wes Turner <wes.turner@gmail.com> wrote:

> The hashes serve as file integrity check but provide no assurance that they are what the author intended to distribute because there is no cryptographic signature.
>
> File hashes help detect bit flips -- due to solar flares -- in storage or transit, but do not mitigate against malicious package modification to packages in storage or transit.
>
> AFAIU, TUF (The Update Framework) has a mechanism for limiting which signing keys are valid for which package? Are pre-shared keys then still necessary, or do we then rely on a PKI where one compromised CA cert can then forge any other cert?

Yes, you are right, the hashes need to be signed: otherwise you have integrity, but no authenticity.

We wrote PEPs 458 and 480 to discuss how TUF might be deployed on PyPI / Warehouse. The PEPs go into details about public key distribution. The TLDR is that clients (i.e., pip) need to be shipped with one self-signed root metadata file, and the rest of the PKI is bootstrapped from there. PyPI would act as an authority that distributes, revokes, and replaces public keys for packages.

More details on security vs usability are also available in our Diplomat paper.

If the community is interested, we'd love to discuss how we could help make this happen.

Thanks,
Trishank
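The integrity-versus-authenticity point made in the reply above (hashes alone vs. hashes inside signed metadata verified against a key the client already trusts), as an added example that is not part of this thread, of PEP 458/480, or of any TUF implementation. It is written in Go only because its standard library ships Ed25519; the `Targets`/`Signed` types, the file name and the wheel contents are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Targets mimics a TUF targets file: package file name -> SHA-256 hex digest.
type Targets struct {
	Hashes map[string]string `json:"hashes"`
}
// Signed is the serialized metadata plus a signature by the repository key the client learned from its root metadata.
type Signed struct{ Metadata, Signature []byte }
func hexSum(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }
// HashMatches is the integrity check alone: does the download match the listed digest?
func HashMatches(t Targets, name string, content []byte) bool { return t.Hashes[name] == hexSum(content) }
// Sign serializes the metadata and signs those exact bytes with the repository key.
func Sign(priv ed25519.PrivateKey, t Targets) Signed {
	b, _ := json.Marshal(t) // a map[string]string always marshals
	return Signed{Metadata: b, Signature: ed25519.Sign(priv, b)}
}
// Verify is the authenticity check: the hashes are consulted only if the trusted key signed them.
func Verify(pub ed25519.PublicKey, s Signed) (Targets, bool) {
	var t Targets
	if !ed25519.Verify(pub, s.Metadata, s.Signature) || json.Unmarshal(s.Metadata, &t) != nil {
		return Targets{}, false
	}
	return t, true
}
// Scenario returns (genuine accepted, tampered passes hash check, tampered passes signature check):
// whoever swaps a package in transit can also regenerate its unsigned hash, but cannot sign the forged listing.
func Scenario() (genuineOK, tamperedHashOK, tamperedSigOK bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	const name = "example-1.0-py3-none-any.whl" // constructed file name
	good, bad := []byte("constructed: genuine wheel"), []byte("constructed: modified wheel")
	signed := Sign(priv, Targets{Hashes: map[string]string{name: hexSum(good)}})
	t, ok := Verify(pub, signed)
	forged := Targets{Hashes: map[string]string{name: hexSum(bad)}} // attacker-rewritten listing
	forgedBytes, _ := json.Marshal(forged)
	_, forgedOK := Verify(pub, Signed{Metadata: forgedBytes, Signature: signed.Signature})
	return ok && HashMatches(t, name, good), HashMatches(forged, name, bad), forgedOK
}
func main() {
	g, h, s := Scenario()
	fmt.Printf("genuine accepted=%v; tampered: hash check=%v, signature check=%v\n", g, h, s)
}
```

The repository key stands in for the keys PyPI would distribute, revoke and replace through signed root metadata; a real client would also check metadata versions and expiry, which this demo leaves out.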