Threat modeling and MacPorts [was Re: security projects thoughts]

Jeff Johnson n3npq at mac.com
Wed Apr 20 16:16:23 PDT 2011


On Apr 19, 2011, at 5:03 PM, Jordan K. Hubbard wrote:

> Howdy all,
> 
> So, that was quite some thread!   I've finally gotten all the way through it and have to say that the overall level of civility and "quality of discussion" was pretty darned high for an open discussion on The Intarwebs and I'm impressed that everyone managed to beat the signing discussion to death without actually attempting to beat one another to death in the process.  Well done, everyone - I'm genuinely impressed!   You may or may not know how truly rare that is.  :-)
> 

Well, civility on a public mailing list doesn't make security discussions
any easier to endure.

Let me plant a public announcement here, lest I endure FUD later:

	Anyone who thinks that I claimed that the non-repudiable signature
	implemented @rpm5.org and used for "robo-signing" is
		acceptable and secure
	based on what I wrote publicly is totally on crack.

I used the non-repudiable signature as an example of how a proper
(and civil) discussion about security and "package management"
might proceed through narrower and prioritized goals.

I do think that "origin authentication" -- howsoever that might be achieved --
is all that is needed for "package management", because "origin" is
rather easy to understand as a security goal for binary packages,
while what is actually in packages, and what security might be in place,
is usually a very deep, dark mystery to most.

Again, I made NO CLAIM WHATSOEVER that the non-repudiable signature
and "robo-signing" implemented @rpm5.org is relevant to (still non-existent)
MacPorts packaging. I used what is implemented as an example only.

Getting "robo-signing" in place "securely" and "acceptably" is a non-trivial exercise.

Anyone who tells you different is a liar.

73 de Jeff
