[Catalog-sig] RubyGems Threat Model and Requirements
Robert Collins
robertc at robertcollins.net
Wed Feb 13 11:29:24 CET 2013
On 13 February 2013 15:12, Giovanni Bajo <rasky at develer.com> wrote:
> Yes, that's correct. GPG chain-of-trust concept is not used in my proposal,
> because I don't think it would be a good fit for this problem given its
> requirements. Specifically, I believe pip users should not be bothered with
> useless click-through questions for each new package they install, which is
> what you would get far too often in case chain-of-trust were used.
But this means someone that gets access to the PyPI server can just
mark their own key as trusted and compromise any package they want.
-Rob
--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services