[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Bob Ippolito bob at redivi.com
Fri Oct 3 07:13:07 EDT 2003


On Friday, Oct 3, 2003, at 04:50 America/New_York, Jack Jansen wrote:

>
> On Friday, October 3, 2003, at 12:37 AM, Bob Ippolito wrote:
>>> But we should definitely allow for some sort of public key scheme to
>>> be used. I've been toying with the idea of using the secure http of
>>> your browser, something like a "check integrity" button that would
>>> take the MD5 sum of the database, get an entry IntegrityCheck from
>>> the database (of the form "https://www.python.org/pimp/integrity/%s.html"),
>>> fill in the md5sum and send your browser there. Probably the user
>>> should get a dialog first (from pimp) explaining how to check the
>>> integrity (look at the padlock) and what it means (you're only trusting
>>> the fact that whoever maintains the website also created this pimp
>>> database).
>>
>> I already purchased a GeoTrust (browsers trust this CA by default)
>> SSL certificate for pythonmac.org with this purpose in mind.  I'm not
>> big on the MD5 sums of databases thing, I think that it should be
>> done with signatures, a la GPG.  That way the author could update the
>> database, without python.org updating its, because the public key is
>> the same.
>
> Sorry, I wasn't clear enough. There is no such thing as a central list
> of trusted packages. Your database would have an IntegrityCheck of
> <https://undefined.org/pimp/integrity/%s.html>.
> The integrity check succeeding would only mean that the database the
> user has on-disk is indeed the exact same database as what you created,
> and by trusting the database the end-user trusts you (or, actually, as
> you pointed out elsewhere, the end user trusts you and your webhoster).

I don't understand how this could possibly be useful for a database 
that changes often.  You need a public key algorithm, not a hashing 
algorithm.

> As md5 is included in the standard Python distribution, and it's good
> enough for testing document integrity, I see no reason to use something
> more elaborate. A PGP signature would allow offline verification, but
> the idea is that the https: integrity check URL handles that bit.

So let's put a public key algorithm into Python and do it the right 
way.  md5 is not going to do what you want it to do.  md5 can only 
verify that a file is very probably exactly the same as what it was 
when the hash was created, it doesn't tell you it was created by a 
trusted source.  I don't want to implement a crappy solution just 
because Python doesn't come with particular functionality, 
functionality that would be useful on its own.  I mean, we *are* 
already adding functionality to Python, there's no reason we shouldn't 
be able to add the other bits to facilitate this.

-bob
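The two schemes argued over above, side by side, as an added example that is not code from the thread, from pimp or from either author. The hash-only check models Jack's proposal (md5 of the on-disk database compared with a digest published at an https: URL); the signature check models what Bob is asking for, with a textbook RSA signature over sha256 standing in for a GPG signature so that the script runs on the standard library alone. The demo-sized key, the missing padding, the package name and the .invalid URLs are all constructed for illustration; a real deployment would use GPG or a vetted crypto library rather than this RSA.

```python
"""Hash-only integrity check versus public-key signature over a pimp database.

Added example, not code from the thread or from pimp. The RSA here is
textbook (no padding) with a 512-bit demo key, chosen only so the script
needs nothing beyond the standard library; it is not fit for real use.
"""
import hashlib
import json
import random


# ---------- Jack's scheme, modelled: publish md5(database) at an https: URL ----------

def md5_hex(data: bytes) -> str:
    """Digest of the serialized database, as the IntegrityCheck URL would carry it."""
    return hashlib.md5(data).hexdigest()


def hash_check_passes(db: bytes, published_hex: str) -> bool:
    """True when the on-disk database matches the digest fetched over https:."""
    return md5_hex(db) == published_hex


# ---------- Bob's scheme, modelled: sign sha256(database) with a long-lived key ----------

def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin probable-prime test, adequate for generating a demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full width and odd
        if is_probable_prime(cand, rng):
            return cand


def make_keypair(bits: int = 512, rng=None):
    """Return ((e, n), (d, n)). DEMO ONLY: short modulus, unpadded signatures."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, n), (pow(e, -1, phi), n)  # modular inverse via pow needs Python 3.8+


def _hash_int(data: bytes) -> int:
    # 256-bit digest is always below the 510+ bit modulus, so no reduction is needed.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    d, n = priv
    return pow(_hash_int(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    """True only if sig was made over exactly this data by the matching private key."""
    e, n = pub
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == _hash_int(data)


# ---------- the scenario from the thread, on constructed data ----------

def build_db(entries: dict) -> bytes:
    """Serialize a pimp-style package database deterministically."""
    return json.dumps(entries, sort_keys=True).encode()


def run_scenario(rng=None) -> dict:
    """Constructed package entries and URLs; returns the outcome of each check."""
    pub, priv = make_keypair(rng=rng)

    # Maintainer publishes version 1: a digest at the https: URL plus a signature.
    db_v1 = build_db({"PyObjC": {"url": "https://pythonmac.invalid/PyObjC-1.0.tar.gz"}})
    published_md5 = md5_hex(db_v1)
    sig_v1 = sign(priv, db_v1)

    # Whoever can change both the database and what the integrity URL serves
    # (the webhoster the thread mentions) swaps an entry and republishes a
    # matching digest; the hash check cannot tell this copy from the real one.
    tampered = build_db({"PyObjC": {"url": "https://evil.invalid/PyObjC-1.0.tar.gz"}})
    attacker_md5 = md5_hex(tampered)

    # Maintainer later ships version 2 under the same key; nobody else has to
    # republish anything for the signature check to keep working.
    db_v2 = build_db({"PyObjC": {"url": "https://pythonmac.invalid/PyObjC-1.1.tar.gz"}})

    return {
        "v1_hash_ok": hash_check_passes(db_v1, published_md5),
        "v1_sig_ok": verify(pub, db_v1, sig_v1),
        "tampered_hash_ok": hash_check_passes(tampered, attacker_md5),  # passes: undetected
        "tampered_sig_ok": verify(pub, tampered, sig_v1),               # fails: caught
        "v2_old_hash_ok": hash_check_passes(db_v2, published_md5),      # fails: stale digest
        "v2_sig_ok": verify(pub, db_v2, sign(priv, db_v2)),             # passes: same key
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name:18} {ok}")
```

The two rows to compare are the tampered ones: a digest only proves the bytes on disk are the bytes whoever published the digest had, so anyone who can publish the digest can also publish the database, whereas a signature ties the database to the holder of one private key and keeps working across every later revision without a third party republishing anything.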
