PEP 480: Resolve unreferenced footnotes (#3238)

This commit is contained in:
Adam Turner 2023-08-05 12:55:53 +01:00 committed by GitHub
parent b445532b96
commit c418fc3236
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 15 deletions


@ -1,7 +1,5 @@
PEP: 480 PEP: 480
Title: Surviving a Compromise of PyPI: End-to-end signing of packages Title: Surviving a Compromise of PyPI: End-to-end signing of packages
Version: $Revision$
Last-Modified: $Date$
Author: Trishank Karthik Kuppusamy <karthik@trishank.com>, Author: Trishank Karthik Kuppusamy <karthik@trishank.com>,
Vladimir Diaz <vladimir.diaz@nyu.edu>, Vladimir Diaz <vladimir.diaz@nyu.edu>,
Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu> Justin Cappos <jcappos@nyu.edu>, Marina Moore <mm9693@nyu.edu>
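Review bot: the removal of the `Version: $Revision$` and `Last-Modified: $Date$` header fields in this first hunk is not covered by the commit title ("Resolve unreferenced footnotes"); either mention the header cleanup in the commit message or split it into its own commit so the history explains why those two fields went away.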
@ -78,7 +76,7 @@ TUF metadata available on PyPI to download distributions more securely.
the minimum security model, which supports continuous delivery of projects and the minimum security model, which supports continuous delivery of projects and
uses online cryptographic keys to sign the distributions uploaded by uses online cryptographic keys to sign the distributions uploaded by
developers. Although the minimum security model guards against most attacks on developers. Although the minimum security model guards against most attacks on
software updaters [5]_ [7]_, such as mix-and-match and extraneous dependencies software updaters [5]_ [6]_, such as mix-and-match and extraneous dependencies
attacks, it can be improved to support end-to-end signing and to prohibit attacks, it can be improved to support end-to-end signing and to prohibit
forged distributions in the event that PyPI is compromised. forged distributions in the event that PyPI is compromised.
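Review bot: the renumbering here (`[5]_ [7]_` to `[5]_ [6]_`) is consistent with the new reference list, where the attacks-on-package-managers paper moves from [7] to [6], but hand-shifting numeric footnotes is easy to get wrong when entries are dropped; consider switching the body to labelled footnotes (e.g. `[attacks-ccs2008]_`) so future removals do not require touching every citation, and confirm the docutils/Sphinx build reports no undefined or unreferenced footnote after this change.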
@ -299,12 +297,12 @@ The package manager (pip) shipped with CPython MUST work on non-CPython
interpreters and cannot have dependencies that have to be compiled (i.e., the interpreters and cannot have dependencies that have to be compiled (i.e., the
PyPI+TUF integration MUST NOT require compilation of C extensions in order to PyPI+TUF integration MUST NOT require compilation of C extensions in order to
verify cryptographic signatures). Verification of signatures MUST be done in verify cryptographic signatures). Verification of signatures MUST be done in
Python, and verifying RSA [11]_ signatures in pure-Python may be impractical due Python, and verifying RSA [8]_ signatures in pure-Python may be impractical due
to speed. Therefore, PyPI MAY use the `Ed25519`__ signature scheme. to speed. Therefore, PyPI MAY use the `Ed25519`__ signature scheme.
__ http://ed25519.cr.yp.to/ __ http://ed25519.cr.yp.to/
Ed25519 [12]_ is a public-key signature system that uses small cryptographic Ed25519 [9]_ is a public-key signature system that uses small cryptographic
signatures and keys. A `pure-Python implementation`__ of the Ed25519 signature signatures and keys. A `pure-Python implementation`__ of the Ed25519 signature
scheme is available. Verification of Ed25519 signatures is fast even when scheme is available. Verification of Ed25519 signatures is fast even when
performed in Python. performed in Python.
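Review bot: in this hunk the anonymous hyperlink target `__ http://ed25519.cr.yp.to/` still uses plain `http`, while the new footnote `[9]` for the same site is updated to `https://ed25519.cr.yp.to/`; update the inline target to `https` as well. Since the `Ed25519` link and footnote `[9]` now point at the same URL, one of the two is redundant and could be dropped.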
@ -728,7 +726,7 @@ attacks, or metadata inconsistency attacks.
Table 1: Attacks that are possible by compromising certain combinations of role Table 1: Attacks that are possible by compromising certain combinations of role
keys. In `September 2013`__, it was shown how the latest version (at the time) keys. In `September 2013`__, it was shown how the latest version (at the time)
of pip was susceptible to these attacks and how TUF could protect users against of pip was susceptible to these attacks and how TUF could protect users against
them [8]_. Roles signed by offline keys are in **bold**. them [7]_. Roles signed by offline keys are in **bold**.
__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html __ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
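Review bot: the `September 2013` hyperlink target in this hunk (`__ https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html`) is the same URL as the renumbered footnote `[7]_` on the preceding line, so the reader is sent to one page twice; keep either the inline link or the footnote, not both.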
@ -882,16 +880,13 @@ References
========== ==========
.. [2] https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf .. [2] https://theupdateframework.io/papers/survivable-key-compromise-ccs2010.pdf
.. [3] https://github.com/theupdateframework/tuf/blob/develop/docs/tuf-spec.txt .. [3] https://theupdateframework.github.io/specification/latest/index.html
.. [4] https://packaging.python.org/glossary .. [4] https://packaging.python.org/en/latest/glossary/
.. [5] https://github.com/theupdateframework/pip/wiki/Attacks-on-software-repositories .. [5] https://github.com/theupdateframework/pip/wiki/Attacks-on-software-repositories
.. [6] https://mail.python.org/pipermail/distutils-sig/2013-September/022773.html .. [6] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf
.. [7] https://theupdateframework.io/papers/attacks-on-package-managers-ccs2008.pdf .. [7] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html
.. [8] https://mail.python.org/pipermail/distutils-sig/2013-September/022755.html .. [8] https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. [9] https://pypi.python.org/security .. [9] https://ed25519.cr.yp.to/
.. [10] https://mail.python.org/pipermail/distutils-sig/2013-August/022154.html
.. [11] https://en.wikipedia.org/wiki/RSA_%28algorithm%29
.. [12] http://ed25519.cr.yp.to/
Acknowledgements Acknowledgements
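Review bot: besides dropping the unreferenced entries (old `[6]`, `[9]` and `[10]`), this hunk changes the targets of `[3]`, `[4]`, `[8]` and `[9]`, and the commit message does not mention it. In particular `[3]` moves from a fixed file (`docs/tuf-spec.txt`) to `specification/latest/`, which is a moving target for a PEP that references specific TUF behaviour; if that is intended, say so in the commit message, otherwise consider linking a pinned version. Also, the list now begins at `[2]`; please confirm `[1]` is defined elsewhere in the file, since that is not visible in this diff, and that a build with docutils confirms the three removed footnotes really had no remaining `[N]_` references.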