NetBSD-Users archive


Re: pkgsrc binary packages security with pkgin



On Fri, Jan 31, 2020 at 07:21:40PM +0100, Jan Danielsson wrote:
> On 2020-01-31 08:49, yarl-baudig%mailoo.org@localhost wrote:
> > Please Maya and Mr Billquist, can you be more specific about how it is insecure?
> 
>    There are different domains to consider.
> 
>    *Assuming you can trust the build environment (which includes the
> signing process)*, and assuming that you can trust the underlying crypto:
> 
>    - HTTPS protects the connection between you and the server (assuming
> server authentication, and not just encryption).  So if you trust the
> remote server, your client, and the HTTPS implementation, then HTTPS is
> sufficient for the entire chain.

Not really; for this to be true you have to trust the build process, the way
the binary package is uploaded to the http server and the http server itself.

With signed binary pkg you only need to trust the build process.

In a world where there are multiple sources under different administrative
domains for the same file, this is important.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--
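
The trust argument in this message, as an added example that is not part of the original post or of pkgsrc/pkgin: a client checks each mirror's copy against the builder's public key, so a copy altered at upload or on the server is rejected no matter how it was transported. A Lamport one-time hash signature stands in for the real package signing scheme so the block runs with only the standard library; the mirror names and package bytes are constructed.

```python
import hashlib
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(message: bytes):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """Build host: one-time key pair (assumed stand-in for the real signing key)."""
    secret = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in secret]
    return secret, public

def sign(secret, package: bytes):
    """Reveal one secret preimage per digest bit; done only on the build host."""
    return [secret[i][bit] for i, bit in enumerate(_bits(package))]

def verify(public, package: bytes, signature) -> bool:
    """Client: needs only the builder's public key, never trusts the mirror."""
    if len(signature) != 256:
        return False
    return all(_h(sig) == public[i][bit]
               for (i, bit), sig in zip(enumerate(_bits(package)), signature))

def acceptable_mirrors(mirrors, public):
    """Names of mirrors whose (package, signature) pair verifies."""
    return [name for name, (pkg, sig) in mirrors.items() if verify(public, pkg, sig)]

def demo():
    secret, public = keygen()
    package = b"constructed-package-1.0 contents"   # constructed sample
    sig = sign(secret, package)
    mirrors = {  # constructed: two mirrors under different administrators
        "mirror-a.example": (package, sig),
        # Same signature file, package modified after it left the build host.
        "mirror-b.example": (package + b" (modified)", sig),
    }
    return acceptable_mirrors(mirrors, public)

if __name__ == "__main__":
    print(demo())
```
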

