Code Repositories was( RE: Proposal: add vector arithmetic to array module)

Paul Rubin phr-n2001 at nightsong.com
Tue Sep 25 23:05:11 CEST 2001


I think multi-level certification as described in your post is very
hard to design securely and even if designed securely, doesn't work
very well in practice.  The PGP Web of Trust is an example--hardly
anyone cares about it.  If someone wants to email me something with
PGP, they usually ask for my key directly.

It's enough to just have signed distributions/libraries with one level
of signatures.  If you want real-world identity checking behind the
signatures, the existing PKI CA system is good enough for that.

Basically I want the number of entities that I have to trust to get
smaller, not larger.  That's not a matter of technical authentication
mechanisms, but rather of having a few people vetting source code and
signing it before distribution.  It would be great if there was a
Python distribution checked that way.  The vetting process wouldn't
have to be as paranoid as OpenBSD's, but any contributed source code
in such a distribution should be inspected by someone before
inclusion, and any object code in the distribution should be compiled
directly from the source code by the distribution team.

As for the authentication mechanism, something along the lines of
signed JAR files or Micro$oft Authenticode signatures should work just
fine.  It would be nice if it used normal X509 certificates, but that's
not vital.




More information about the Python-list mailing list