PEP 480: Resolve unreferenced footnotes (#3238)

Adam Turner 2023-08-05 12:55:53 +01:00 committed by GitHub
parent b445532b96
commit c418fc3236
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 15 deletions


@ -1,7 +1,5 @@
PEP: 480
Title: Surviving a Compromise of PyPI: End-to-end signing of packages
Version: $Revision$
Last-Modified: $Date$
Author: Trishank Karthik Kuppusamy <karthik@trishank.com>,
Vladimir Diaz <vladimir.diaz@nyu.edu>,
Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu>
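Review bot: The removal of the `Version: $Revision$` and `Last-Modified: $Date$` header lines in this hunk is unrelated to the footnote renumbering named in the commit title; it is a harmless cleanup of unexpanded RCS keywords, but it is worth a sentence in the commit message so the header change is visible to anyone reading the history for the footnote fix alone.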
@ -78,7 +76,7 @@ TUF metadata available on PyPI to download distributions more securely.
the minimum security model, which supports continuous delivery of projects and
uses online cryptographic keys to sign the distributions uploaded by
developers. Although the minimum security model guards against most attacks on
software updaters [5]_ [7]_, such as mix-and-match and extraneous dependencies
software updaters [5]_ [6]_, such as mix-and-match and extraneous dependencies
attacks, it can be improved to support end-to-end signing and to prohibit
forged distributions in the event that PyPI is compromised.
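Review bot: The `[7]_` to `[6]_` change here is consistent with the references hunk below, where the CCS 2008 "attacks on package managers" paper moves from `[7]` to `[6]` with the same URL, so the citation still points at the intended source. Because the old `[6]` (the distutils-sig 022773 thread) is dropped rather than renumbered, a grep for any remaining `[6]_` in the unchanged body is worthwhile: a stale `[6]_` would now silently resolve to the CCS 2008 paper instead of the mailing-list post.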
@ -299,12 +297,12 @@ The package manager (pip) shipped with CPython MUST work on non-CPython
interpreters and cannot have dependencies that have to be compiled (i.e., the
PyPI+TUF integration MUST NOT require compilation of C extensions in order to
verify cryptographic signatures). Verification of signatures MUST be done in
Python, and verifying RSA [11]_ signatures in pure-Python may be impractical due
Python, and verifying RSA [8]_ signatures in pure-Python may be impractical due
to speed. Therefore, PyPI MAY use the `Ed25519`__ signature scheme.
__ http://ed25519.cr.yp.to/
Ed25519 [12]_ is a public-key signature system that uses small cryptographic
Ed25519 [9]_ is a public-key signature system that uses small cryptographic
signatures and keys. A `pure-Python implementation`__ of the Ed25519 signature
scheme is available. Verification of Ed25519 signatures is fast even when
performed in Python.
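Review bot: `[11]_` to `[8]_` (RSA) and `[12]_` to `[9]_` (Ed25519) match the new numbering in the references hunk. The unchanged anonymous hyperlink target `__ http://ed25519.cr.yp.to/` two lines above still uses plain `http`, while the same site is upgraded to `https://ed25519.cr.yp.to/` in the new `[9]` entry; updating the inline target in the same commit would keep the two links to that site consistent.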
@ -728,7 +726,7 @@ attacks, or metadata inconsistency attacks.
Table 1: Attacks that are possible by compromising certain combinations of role
keys. In `September 2013`__, it was shown how the latest version (at the time)
of pip was susceptible to these attacks and how TUF could protect users against
them [8]_. Roles signed by offline keys are in **bold**.
them [7]_. Roles signed by offline keys are in **bold**.
__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
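Review bot: `[8]_` to `[7]_` is consistent with the references hunk, where the September 2013 distutils-sig post (022755) moves from `[8]` to `[7]` with the same URL. Note that the anonymous `__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html` target directly below this caption resolves to exactly the same URL as the new `[7]`, so the caption links to the same page twice; that duplication predates this change and is not introduced by it, but it could be collapsed while the footnotes are being tidied.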
@ -882,16 +880,13 @@ References
==========
.. [2] https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf
.. [3] https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt
.. [4] https://packaging.python.org/glossary
.. [3] https://theupdateframework.github.io/specification/latest/index.html
.. [4] https://packaging.python.org/en/latest/glossary/
.. [5] https://github.com/theupdateframework/pip/wiki/Attacks-on-software-repositories
.. [6] https://mail.python.org/pipermail/distutils-sig/2013-September/022773.html
.. [7] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf
.. [8] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
.. [9] https://pypi.python.org/security
.. [10] https://mail.python.org/pipermail/distutils-sig/2013-August/022154.html
.. [11] https://en.wikipedia.org/wiki/RSA_%28algorithm%29
.. [12] http://ed25519.cr.yp.to/
.. [6] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf
.. [7] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
.. [8] https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. [9] https://ed25519.cr.yp.to/
Acknowledgements
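Review bot: Renumbering rather than leaving gaps means three of the old numbers are reused for different sources: old `[9]` (pypi.python.org/security) becomes Ed25519, old `[8]` (distutils-sig 022755) becomes RSA, and old `[6]` (distutils-sig 022773) becomes the CCS 2008 paper, while old `[9]` and `[10]` are removed outright. Every `[n]_` citation in the body therefore needs to be checked against the new table, not only the four updated in this commit, since a citation missed here would still build cleanly but point at the wrong reference. The other edits look right: `[3]` moves from the retired `tuf-spec.txt` path to the published specification index, `[4]` to the current packaging glossary path, `[8]` switches the RSA article from the URL-encoded `RSA_%28algorithm%29` to `RSA_(cryptosystem)` (bare parentheses are fine inside a reST footnote body), and `[9]` gains `https`.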