[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Bob Ippolito
bob at redivi.com
Fri Oct 3 07:13:07 EDT 2003
On Friday, Oct 3, 2003, at 04:50 America/New_York, Jack Jansen wrote:
>
> On Friday, October 3, 2003, at 12:37 AM, Bob Ippolito wrote:
>>> But we should definitely allow for some sort of public key scheme to
>>> be used. I've been toying with the idea of using the secure http of
>>> your browser, something like a "check integrity" button that would
>>> take the MD5 sum of the database, get an entry IntegrityCheck from
>>> the database (of the form
>>> "https://www.python.org/pimp/integrity/%s.html")
>>> fill in the md5sum and send your browser there. Probably the user
>>> should get a dialog first (from pimp) explaining how to check the
>>> integrity (look at the padlock) and what it means (you're only trusting
>>> the fact that whoever maintains the website also created this pimp
>>> database).
>>
>> I already purchased a GeoTrust (browsers trust this CA by default)
>> SSL certificate for pythonmac.org with this purpose in mind. I'm not
>> big on the MD5 sums of databases thing, I think that it should be
>> done with signatures, a la GPG. That way the author could update the
>> database, without python.org updating its, because the public key is
>> the same.
>
> Sorry, I wasn't clear enough. There is no such thing as a central list
> of trusted packages. Your database would have an IntegrityCheck of
> <https://undefined.org/pimp/integrity/%s.html>.
> The integrity check succeeding would only mean that the database the
> user has on-disk is indeed the exact same database as what you created,
> and by trusting the database the end-user trusts you (or, actually, as
> you pointed out elsewhere, the end user trusts you and your webhoster).
I don't understand how this could possibly be useful for a database
that changes often. You need a public key algorithm, not a hashing
algorithm.
> As md5 is included in the standard Python distribution, and it's good
> enough for testing document integrity I see no reason to use something
> more elaborate. A PGP signature would allow offline verification, but
> the idea is that the https: integrity check URL handles that bit.
So let's put a public key algorithm into Python and do it the right
way. md5 is not going to do what you want it to do. md5 can only
verify that a file is very probably exactly the same as what it was
when the hash was created, it doesn't tell you it was created by a
trusted source. I don't want to implement a crappy solution just
because Python doesn't come with particular functionality,
functionality that would be useful on its own. I mean, we *are*
already adding functionality to Python, there's no reason we shouldn't
be able to add the other bits to facilitate this.
-bob
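The distinction Bob draws above (a hash proves the bytes are unchanged, a signature proves who produced them) as an added example, not code from the list or from pimp. It uses a constructed toy RSA key pair with hypothetical small primes and a constructed sample database; it needs Python 3.8+ for `pow(e, -1, phi)`.

```python
import hashlib

# Constructed toy RSA key pair (hypothetical small primes, not a real key);
# real signing keys are 2048+ bits and use proper padding such as PSS.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; needs Python 3.8+


def _digest_int(data: bytes) -> int:
    # SHA-256 of the database, reduced mod N so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes, d: int = D) -> int:
    # Only the holder of d (the database author) can produce this value.
    return pow(_digest_int(data), d, N)


def verify(data: bytes, signature: int, e: int = E) -> bool:
    # Anyone holding the public key (e, N) can check this offline.
    return pow(signature, e, N) == _digest_int(data)


def md5_check(data: bytes, published_md5: str) -> bool:
    # The scheme under discussion: compare against a sum the web host serves.
    return hashlib.md5(data).hexdigest() == published_md5


def simulate() -> dict:
    # Constructed sample "pimp database"; the author signs it once.
    genuine = b"pimp-db: pkg=foo url=https://example.invalid/foo.tgz"
    signature = sign(genuine)
    # A compromised web host swaps the URL and republishes a matching md5sum.
    tampered = genuine.replace(b"example.invalid", b"attacker.invalid")
    hoster_md5 = hashlib.md5(tampered).hexdigest()
    return {
        "md5_accepts_tampered": md5_check(tampered, hoster_md5),  # True
        "sig_accepts_genuine": verify(genuine, signature),        # True
        "sig_accepts_tampered": verify(tampered, signature),      # False
    }


if __name__ == "__main__":
    print(simulate())
```

The md5 check passes for the tampered file because whoever controls the host can recompute the sum; the signature check fails because the host never had the private exponent.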