PEP 480: Resolve unreferenced footnotes (#3238)
This commit is contained in:
parent b445532b96
commit c418fc3236
pep-0480.txt (25)
@ -1,7 +1,5 @@
|
||||||
PEP: 480
|
PEP: 480
|
||||||
Title: Surviving a Compromise of PyPI: End-to-end signing of packages
|
Title: Surviving a Compromise of PyPI: End-to-end signing of packages
|
||||||
Version: $Revision$
|
|
||||||
Last-Modified: $Date$
|
|
||||||
Author: Trishank Karthik Kuppusamy <karthik@trishank.com>,
|
Author: Trishank Karthik Kuppusamy <karthik@trishank.com>,
|
||||||
Vladimir Diaz <vladimir.diaz@nyu.edu>,
|
Vladimir Diaz <vladimir.diaz@nyu.edu>,
|
||||||
Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu>
|
Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu>
|
||||||
|
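Review bot: dropping the `Version: $Revision$` and `Last-Modified: $Date$` header fields is unrelated to the footnote cleanup named in the commit title; either mention it in the commit message or split it into its own commit so the change stays discoverable in history.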
@ -78,7 +76,7 @@ TUF metadata available on PyPI to download distributions more securely.
|
||||||
the minimum security model, which supports continuous delivery of projects and
|
the minimum security model, which supports continuous delivery of projects and
|
||||||
uses online cryptographic keys to sign the distributions uploaded by
|
uses online cryptographic keys to sign the distributions uploaded by
|
||||||
developers. Although the minimum security model guards against most attacks on
|
developers. Although the minimum security model guards against most attacks on
|
||||||
software updaters [5]_ [7]_, such as mix-and-match and extraneous dependencies
|
software updaters [5]_ [6]_, such as mix-and-match and extraneous dependencies
|
||||||
attacks, it can be improved to support end-to-end signing and to prohibit
|
attacks, it can be improved to support end-to-end signing and to prohibit
|
||||||
forged distributions in the event that PyPI is compromised.
|
forged distributions in the event that PyPI is compromised.
|
||||||
|
|
||||||
|
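Review bot: [7]_ -> [6]_ is consistent with the References hunk, where attacks-on-package-managers-ccs2008.pdf moves from [7] to [6]. Because the old [6] (distutils-sig 022773) is deleted rather than left dangling, any other `[6]_` citation still in the file would now silently resolve to the CCS 2008 paper instead of failing the docutils build, so check the whole file for remaining `[6]_` and `[7]_` uses, not just this paragraph.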
@ -299,12 +297,12 @@ The package manager (pip) shipped with CPython MUST work on non-CPython
|
||||||
interpreters and cannot have dependencies that have to be compiled (i.e., the
|
interpreters and cannot have dependencies that have to be compiled (i.e., the
|
||||||
PyPI+TUF integration MUST NOT require compilation of C extensions in order to
|
PyPI+TUF integration MUST NOT require compilation of C extensions in order to
|
||||||
verify cryptographic signatures). Verification of signatures MUST be done in
|
verify cryptographic signatures). Verification of signatures MUST be done in
|
||||||
Python, and verifying RSA [11]_ signatures in pure-Python may be impractical due
|
Python, and verifying RSA [8]_ signatures in pure-Python may be impractical due
|
||||||
to speed. Therefore, PyPI MAY use the `Ed25519`__ signature scheme.
|
to speed. Therefore, PyPI MAY use the `Ed25519`__ signature scheme.
|
||||||
|
|
||||||
__ http://ed25519.cr.yp.to/
|
__ http://ed25519.cr.yp.to/
|
||||||
|
|
||||||
Ed25519 [12]_ is a public-key signature system that uses small cryptographic
|
Ed25519 [9]_ is a public-key signature system that uses small cryptographic
|
||||||
signatures and keys. A `pure-Python implementation`__ of the Ed25519 signature
|
signatures and keys. A `pure-Python implementation`__ of the Ed25519 signature
|
||||||
scheme is available. Verification of Ed25519 signatures is fast even when
|
scheme is available. Verification of Ed25519 signatures is fast even when
|
||||||
performed in Python.
|
performed in Python.
|
||||||
|
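Review bot: the anonymous hyperlink target `__ http://ed25519.cr.yp.to/` is left on plain http while the new footnote [9] for the same site switches to https://ed25519.cr.yp.to/; update the inline target to https as well so the two links agree. The renumberings [11]_ -> [8]_ and [12]_ -> [9]_ match the new [8] (RSA) and [9] (Ed25519) entries.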
@ -728,7 +726,7 @@ attacks, or metadata inconsistency attacks.
|
||||||
Table 1: Attacks that are possible by compromising certain combinations of role
|
Table 1: Attacks that are possible by compromising certain combinations of role
|
||||||
keys. In `September 2013`__, it was shown how the latest version (at the time)
|
keys. In `September 2013`__, it was shown how the latest version (at the time)
|
||||||
of pip was susceptible to these attacks and how TUF could protect users against
|
of pip was susceptible to these attacks and how TUF could protect users against
|
||||||
them [8]_. Roles signed by offline keys are in **bold**.
|
them [7]_. Roles signed by offline keys are in **bold**.
|
||||||
|
|
||||||
__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
|
__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
|
||||||
|
|
||||||
|
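Review bot: the anonymous target `__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html` and the new footnote [7] point at the same message, so this paragraph now links the same URL twice; consider citing it once, through either the inline link or the footnote. The renumbering [8]_ -> [7]_ itself is consistent with the References hunk.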
@ -882,16 +880,13 @@ References
|
||||||
==========
|
==========
|
||||||
|
|
||||||
.. [2] https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf
|
.. [2] https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf
|
||||||
.. [3] https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt
|
.. [3] https://theupdateframework.github.io/specification/latest/index.html
|
||||||
.. [4] https://packaging.python.org/glossary
|
.. [4] https://packaging.python.org/en/latest/glossary/
|
||||||
.. [5] https://github.com/theupdateframework/pip/wiki/Attacks-on-software-repositories
|
.. [5] https://github.com/theupdateframework/pip/wiki/Attacks-on-software-repositories
|
||||||
.. [6] https://mail.python.org/pipermail/distutils-sig/2013-September/022773.html
|
.. [6] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf
|
||||||
.. [7] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf
|
.. [7] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
|
||||||
.. [8] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
|
.. [8] https://en.wikipedia.org/wiki/RSA_(cryptosystem)
|
||||||
.. [9] https://pypi.python.org/security
|
.. [9] https://ed25519.cr.yp.to/
|
||||||
.. [10] https://mail.python.org/pipermail/distutils-sig/2013-August/022154.html
|
|
||||||
.. [11] https://en.wikipedia.org/wiki/RSA_%28algorithm%29
|
|
||||||
.. [12] http://ed25519.cr.yp.to/
|
|
||||||
|
|
||||||
|
|
||||||
Acknowledgements
|
Acknowledgements
|
||||||
|
|
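Review bot: the reference list still begins at [2] both before and after the change; if [1] is not defined elsewhere in the file, it should be renumbered from [1], otherwise this is the same class of unreferenced-footnote problem the commit sets out to fix. Note also that beyond renumbering, the RSA entry's URL changes from RSA_%28algorithm%29 to RSA_(cryptosystem), [3] and [4] move to new URLs, and [9] switches to https; these are harmless but are content edits, so list them in the commit message.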