hackage, cabal-get, and security

Bulat Ziganshin bulatz at HotPOP.com
Thu May 12 01:40:04 EDT 2005


Hello Isaac,

Wednesday, May 11, 2005, 7:37:07 PM, you wrote:

>> Security is becoming ever more important, and the Haskell community
>> is growing, thereby increasing the currently remote possibility of
>> deliberate malware.  Since installation via hackage will be both
>> automatic, and often performed with root access, it is essential
>> to have a good security model from the beginning.  

I suggest a compromise variant: signing packages with gnupg, and
including all the necessary functionality in hackage itself.
Hackage must be able to generate a key and to automatically sign
uploaded packages, so this will not require additional skills from
the package writer, just as none are currently required from the package's users.

Not every package writer wants and is able to master another complex
program, in this case gnupg. And if Haskell's popularity grows, the
percentage of such people among all package writers will grow. Look at me
as an example :)


IJ> Since we will actually accept packages without signatures, I think
IJ> this isn't too bad of a problem.  Users will get a warning if the key
IJ> is untrusted, and asked if they want to continue.  Hopefully this will
IJ> present enough of a barrier for script-kiddies and an incentive for
IJ> packagers to get their keys signed.

The purpose of protecting packages is to ensure that the packages we
download were uploaded by the author of the original version and no one else.
Both schemes (simple password and gnupg) reach this goal.

Reliable identification of the package author matters only in some cases
and is absolutely not the point when packages are automatically
downloaded as part of installing complex software.

But completely unprotected packages will be a real problem.

So, I think, attention must be moved to easing the generation of
keys and auto-signing uploaded packages. If this is impossible,
then we must use, I think, at least a simple password scheme for
uploading unsigned packages. In any case, the hackage server must ensure
that packages are not overwritten by non-authors.


-- 
Best regards,
 Bulat                            mailto:bulatz at HotPOP.com
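As an added example, not code from this thread, from Hackage or from cabal-get, here is a toy Python model of the flow the message proposes: a server that checks an author's upload password, refuses to let a non-author overwrite someone else's package, and automatically signs each accepted upload, plus a client-side check that distinguishes a verified signature from an untrusted key (warn and ask), an unsigned package (warn) and a bad signature (refuse). The `Hackage` class, `check_download` and all sample packages are constructed for this illustration. Lamport one-time signatures (hash-based) stand in for gnupg signatures because the Python standard library has no public-key signature primitive; each key here signs exactly one package, a limitation gnupg does not have.

```python
"""Toy model of password-protected upload, ownership check, auto-signing
and client-side verification. Constructed example; hash-based Lamport
one-time signatures stand in for gnupg."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


# ---- hash-based one-time signature (stand-in for a gnupg key pair) ----
def lamport_keygen():
    """Private key: 256 pairs of random preimages; public key: their SHA-256 hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _message_bits(message: bytes):
    digest = hashlib.sha256(message).digest()
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]


def lamport_sign(sk, message: bytes):
    """Reveal one preimage per message-hash bit; this consumes the key."""
    return [sk[i][bit] for i, bit in enumerate(_message_bits(message))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(hashlib.sha256(sig[i]).digest(), pk[i][bit])
               for i, bit in enumerate(_message_bits(message)))


def fingerprint(pk) -> str:
    """Short identifier a client can record in its trust store."""
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()[:16]


# ---- server side ----
class Hackage:
    """Constructed server model: upload passwords, package ownership, auto-signing."""

    def __init__(self):
        self.authors = {}    # author -> (salt, PBKDF2 hash of upload password)
        self.owners = {}     # package name -> author who first uploaded it
        self.packages = {}   # (name, version) -> {"tarball", "pk", "sig"}

    def register(self, author: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.authors[author] = (salt, digest)

    def _check_password(self, author: str, password: str) -> bool:
        if author not in self.authors:
            return False
        salt, stored = self.authors[author]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(stored, candidate)

    def upload(self, author, password, name, version, tarball: bytes, sign=True) -> str:
        """Accept only from an authenticated author who owns the package name."""
        if not self._check_password(author, password):
            return "rejected: bad credentials"
        owner = self.owners.setdefault(name, author)   # first uploader becomes owner
        if owner != author:
            return "rejected: %s is owned by %s" % (name, owner)
        entry = {"tarball": tarball, "pk": None, "sig": None}
        if sign:
            sk, pk = lamport_keygen()                    # server generates the key
            entry["pk"], entry["sig"] = pk, lamport_sign(sk, tarball)
        self.packages[(name, version)] = entry
        return "accepted"


# ---- client side ----
def check_download(entry, trusted_fingerprints) -> str:
    """'verified', 'untrusted-key' (warn, ask user), 'unsigned' (warn) or 'bad-signature' (refuse)."""
    if entry["sig"] is None:
        return "unsigned"
    if not lamport_verify(entry["pk"], entry["tarball"], entry["sig"]):
        return "bad-signature"
    if fingerprint(entry["pk"]) in trusted_fingerprints:
        return "verified"
    return "untrusted-key"
```

The ownership check is what stops a second registered user from overwriting `foo`, and the password check is what stops an unregistered uploader; signing is layered on top so that a client can detect a tarball altered after upload. Whether the client treats an unrecognised key as a warning or a hard failure is the policy question the thread is debating.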
More information about the Libraries mailing list