[Catalog-sig] pre-PEP: transition to release-file hosting at pypi site

Donald Stufft donald at stufft.io
Wed Mar 13 18:34:45 CET 2013


On Mar 13, 2013, at 1:21 PM, Tres Seaver <tseaver at palladion.com> wrote:

> On 03/13/2013 01:06 PM, Donald Stufft wrote:
> > Really now? Let's see I can easily protect against malicous uploads
> > by only installing from trusted authors
> 
> How do you know who to trust?  What if an author you trust adds a
> dependency to a package on an author you have no knowledge of, or one
> you actively distrust?  What if an author you trust commits one of the
> other changes I outlined (removes a release / distribution, makes
> backward-incompatible changes, re-uploads a changed distribution over an
> existing one)?
> 
> The only way to implement "only install from trusted authors" is to run
> your own index, and explicitly review / curate the package set maintained
> there.   In that scenario, you run a script from time to time which looks
> for new versions of your packages on PyPI and puts them into a queue for
> review.
> 
> Bob, a casual reviewer, might install the new version from PyPI into a
> fresh virtualenv and test it there before pushing it into the curated index.
> 
> Carol, more paranoid^Wsecurity minded, downloads the package, verifies its
> signature, unpacks the tarball, diffs it against the curated version,
> compares that diff against the changelog, looks at new / changed
> dependencies, and installs it into a hardened sandbox for testing.  Only
> after that kind of review does she push the newly-reviewed distribution
> into the curated index.
> 
> Adding an entirely new package to the curated index is a similar process,
> but requires more effort from either Bob or Carol.
> 
> 
> Tres.
> -- 
> ===================================================================
> Tres Seaver          +1 540-429-0999          tseaver at palladion.com
> Palladion Software   "Excellence by Design"    http://palladion.com
> 


Threat models are a thing. The way it *should* work in PyPI is you ask for X, you get X, and it was not modified in transit (and ideally not on the repository as well, but that is more difficult). PyPI is not and will never be a curated index. However, if I trust Author A, then I implicitly trust his actions. I trust that he won't do any of the things you stated.

Now, is a curated index *more secure*? Well, again it depends on what your threat model is. PyPI isn't going to protect you from a malicious or incompetent author. For the threat model that PyPI is able to deliver on, your system is no more or less secure. In fact, without the sort of things you dismiss here, your proposal is also just as insecure unless you only ever access it on a protected network which you can be sure no attacker has gained access to.

Even your 3 issues are far less concerning than the fact that a MITM on either PyPI (fixed now with pip 1.3) or an external URL allows a random guy at PyCon to execute arbitrary code on your machine if you install a package from PyPI at PyCon, or at a coffee shop, or on any wifi ever that could have someone else on it.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
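The review step Tres describes for the curated index (download the new release, unpack it, diff it against the curated copy, look at new or changed dependencies) is mechanical enough to script. The following is an added example written for this archive page; it is not code from the thread, from PyPI or from pip. It assumes an sdist is a gzip'd tarball with a top-level `name-version/` directory and a PKG-INFO file carrying `Requires-Dist:` lines; the function names (`review`, `read_sdist`, `raw_tar`) and the sample project `widget` with its new dependency `newdep` are made up for the demonstration. Signature verification is left out because it needs the author's key material; the script covers the diff and dependency comparison, and refuses tar members that would escape the unpack directory, since an unreviewed upload is untrusted input.

```python
"""Curated-index review helper: diff a downloaded sdist against the curated copy.

Added example, not code from the thread or from PyPI/pip.  Names here
(review, read_sdist, raw_tar, 'widget', 'newdep') are made up for the demo.
"""
import difflib
import hashlib
import io
import posixpath
import tarfile


def sha256_of(data: bytes) -> str:
    """Digest to record in the review queue alongside the decision."""
    return hashlib.sha256(data).hexdigest()


def safe_members(tar: tarfile.TarFile):
    """Yield regular-file members whose paths stay inside the archive root.

    The upload is untrusted until reviewed, so refuse absolute paths, '..'
    components, symlinks and hardlinks before anything is extracted.
    """
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        if (name.startswith("/") or name == ".." or name.startswith("../")
                or m.issym() or m.islnk()):
            raise ValueError(f"unsafe member in archive: {m.name!r}")
        if m.isfile():
            yield m


def read_sdist(blob: bytes) -> dict:
    """Return {relative path: bytes}, with the 'name-version/' prefix stripped
    so that two releases of the same project line up file by file."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in safe_members(tar):
            parts = m.name.split("/", 1)
            rel = parts[1] if len(parts) == 2 else parts[0]
            files[rel] = tar.extractfile(m).read()
    return files


def requires_dist(files: dict) -> set:
    """Collect declared dependencies from PKG-INFO 'Requires-Dist:' lines."""
    reqs = set()
    for line in files.get("PKG-INFO", b"").decode("utf-8", "replace").splitlines():
        if line.startswith("Requires-Dist:"):
            reqs.add(line.split(":", 1)[1].strip())
    return reqs


def review(curated: bytes, candidate: bytes) -> dict:
    """What the reviewer compares against the changelog: files added/removed,
    unified diffs of changed files, and the dependency delta."""
    old, new = read_sdist(curated), read_sdist(candidate)
    report = {
        "sha256": sha256_of(candidate),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": {},
        "new_deps": sorted(requires_dist(new) - requires_dist(old)),
        "dropped_deps": sorted(requires_dist(old) - requires_dist(new)),
    }
    for path in sorted(set(old) & set(new)):
        if old[path] != new[path]:
            diff = difflib.unified_diff(
                old[path].decode("utf-8", "replace").splitlines(),
                new[path].decode("utf-8", "replace").splitlines(),
                f"curated/{path}", f"candidate/{path}", lineterm="")
            report["changed"][path] = "\n".join(diff)
    return report


def raw_tar(members: dict) -> bytes:
    """Build a gzip'd tarball in memory with exactly the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def make_sdist(name: str, version: str, files: dict) -> bytes:
    """Constructed sample sdist for the demo (not a real package)."""
    return raw_tar({f"{name}-{version}/{rel}": data for rel, data in files.items()})


# Constructed sample data: the curated 1.0 release and a freshly downloaded 1.1
CURATED = make_sdist("widget", "1.0", {
    "PKG-INFO": b"Name: widget\nVersion: 1.0\nRequires-Dist: requests\n",
    "widget/__init__.py": b"def run():\n    return 'ok'\n",
})
CANDIDATE = make_sdist("widget", "1.1", {
    "PKG-INFO": b"Name: widget\nVersion: 1.1\nRequires-Dist: requests\n"
                b"Requires-Dist: newdep\n",
    "widget/__init__.py": b"import newdep\n\ndef run():\n    return newdep.go()\n",
    "setup.py": b"from setuptools import setup\nsetup(name='widget')\n",
})

if __name__ == "__main__":
    r = review(CURATED, CANDIDATE)
    print("candidate sha256:", r["sha256"])
    print("added files:", r["added"], "removed files:", r["removed"])
    print("new deps:", r["new_deps"], "dropped deps:", r["dropped_deps"])
    for diff in r["changed"].values():
        print(diff)
```

Run against the constructed sample, the report flags setup.py as a new file, `newdep` as a dependency that was not in the curated release, and shows the `import newdep` line in the diff of widget/__init__.py; that is exactly the material Carol checks against the changelog before pushing the release into the curated index. Note that this only helps if the candidate was fetched over a verified HTTPS connection (or its signature checked), otherwise the thing being reviewed may already be an attacker's copy.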


