[Catalog-sig] [DRAFT] Proposal for fixing PyPI/pip security

Jannis Leidel jannis at leidel.info
Sun Feb 10 13:36:44 CET 2013


On 10.02.2013, at 05:44, Nick Coghlan <ncoghlan at gmail.com> wrote:

> On Sun, Feb 10, 2013 at 7:23 AM, Giovanni Bajo <rasky at develer.com> wrote:
>> Hello,
>> 
>> my proposal for fixing PyPI and pip security is here:
>> https://docs.google.com/a/develer.com/document/d/1DgQdDCZY5LiTY5mvfxVVE4MTWiaqIGccK3QCUI8np4k/edit#
>> 
>> I tried to sum up the discussions we had here last week, elaborating on Heimes' proposal by simplifying it where I thought the additional steps wouldn't guarantee additional security. At this point, the proposal does not include a central, uber-master online GPG signing key to be stored on PyPI, which is IMO quite hard to handle correctly.
> 
> I think the parts related to improving the HTTPS/SSL based security
> are solid, but for the other aspects of secure updates, integrating
> TUF (https://www.updateframework.com/) into the PyPI based
> distribution infrastructure sounds like the best available option for
> enhancing the end-to-end integrity checking. TUF has a comparatively
> well-developed threat model, and systematically covers many of the
> attack vectors discussed in the past few days (including provision of
> old, known vulnerable, versions).

Would you mind explaining why TUF is good? The site doesn't seem to work for me right now.

Jannis
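The quoted reply credits TUF with systematically covering attacks such as serving an old, known-vulnerable version. The following is an added illustration of the client-side checks that give TUF that property, written for this page and not taken from the thread, TUF or pip: a signed "targets" metadata file is accepted only if its signature verifies, its version number is not lower than the one already trusted (rollback protection), it has not expired (freeze protection), and every downloaded file matches the length and hash it lists. The metadata layout, the package names and the HMAC-based signature are constructed for the example; real TUF metadata uses asymmetric signatures from offline role keys, and nothing here is TUF's own code.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key for the stand-in MAC. TUF metadata carries asymmetric
# signatures from offline role keys; HMAC is used here only so that the example
# runs on the standard library, and is not what TUF specifies.
DEMO_KEY = b"demo-targets-role-key"


class BadSignature(Exception):
    pass


class Rollback(Exception):
    pass


class Expired(Exception):
    pass


class HashMismatch(Exception):
    pass


def canonical(signed):
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(signed):
    mac = hmac.new(DEMO_KEY, canonical(signed), hashlib.sha256).hexdigest()
    return {"signed": signed, "sig": mac}


def verify_targets(metadata, trusted_version, now, fetched):
    """Return the newly trusted version, or raise on the first failed check."""
    signed = metadata["signed"]
    expected = hmac.new(DEMO_KEY, canonical(signed), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, metadata["sig"]):
        raise BadSignature("targets metadata signature does not verify")
    # Rollback protection: never accept metadata older than what we already trust.
    if signed["version"] < trusted_version:
        raise Rollback(f"got version {signed['version']}, already trust {trusted_version}")
    # Freeze protection: a mirror cannot serve a valid-but-stale snapshot forever.
    if now >= datetime.fromisoformat(signed["expires"]):
        raise Expired(f"metadata expired at {signed['expires']}")
    # Every downloaded file must match the length and hash the signed metadata lists.
    for name, blob in fetched.items():
        info = signed["targets"].get(name)
        if info is None:
            raise HashMismatch(f"{name} is not listed in the signed targets")
        digest = hashlib.sha256(blob).hexdigest()
        if len(blob) != info["length"] or digest != info["hashes"]["sha256"]:
            raise HashMismatch(f"{name} does not match signed length/hash")
    return signed["version"]


def classify(metadata, trusted_version, now, fetched):
    """Wrap verify_targets so each outcome is a short string."""
    try:
        return "ok:%d" % verify_targets(metadata, trusted_version, now, fetched)
    except (BadSignature, Rollback, Expired, HashMismatch) as exc:
        return type(exc).__name__


# Constructed sample data: two releases of a hypothetical package "pkg".
NOW = datetime(2013, 2, 10, 12, 0, tzinfo=timezone.utc)
GOOD_BLOB = b"constructed sdist contents for pkg 1.2"
OLD_BLOB = b"constructed sdist contents for pkg 1.1"


def targets_entry(blob):
    return {"length": len(blob), "hashes": {"sha256": hashlib.sha256(blob).hexdigest()}}


META_V7 = sign({"version": 7, "expires": "2013-03-10T00:00:00+00:00",
                "targets": {"pkg-1.2.tar.gz": targets_entry(GOOD_BLOB)}})
# An older, still correctly signed metadata file, as an attacker replaying it would serve.
META_V6 = sign({"version": 6, "expires": "2013-03-01T00:00:00+00:00",
                "targets": {"pkg-1.1.tar.gz": targets_entry(OLD_BLOB)}})
# Newer version number but already expired at NOW.
STALE = sign({"version": 8, "expires": "2013-01-01T00:00:00+00:00", "targets": {}})
# Same content as META_V7 with a forged signature.
FORGED = dict(META_V7, sig="00" * 32)

if __name__ == "__main__":
    print(classify(META_V7, 0, NOW, {"pkg-1.2.tar.gz": GOOD_BLOB}))
    print(classify(META_V6, 7, NOW, {"pkg-1.1.tar.gz": OLD_BLOB}))
    print(classify(STALE, 7, NOW, {}))
    print(classify(FORGED, 7, NOW, {"pkg-1.2.tar.gz": GOOD_BLOB}))
    print(classify(META_V7, 7, NOW, {"pkg-1.2.tar.gz": GOOD_BLOB + b"x"}))
```

The order of the checks matters: the signature is verified before the version or expiry fields are read, so an attacker cannot influence those checks with unsigned data, and the version comparison is against the value the client has already persisted from a previous successful update, which is what stops a mirror from replaying a correctly signed but older release.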
