bug#19479: Package manager vulnerable to replay attacks

From: Stefan Monnier
Subject: bug#19479: Package manager vulnerable to replay attacks
Date: Wed, 25 Nov 2020 22:11:35 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
> How about adding this check in addition to the checksum check?
I think we should add this check in any case, yes.
> Having two separate checks together should surely bring more
> confidence than either of them would separately. That sounds like
> good "defense in depth" thinking to me.
I'm not sure the added hash is needed, but it seems reasonably harmless.
>> I think we'd want to keep the signatures anyway, e.g. they can still be
>> checked manually for old tarballs which aren't listed in
>> `archive-contents` any more. And more generally they allow
>> authenticating the origin of a package without having to look it up in
>> `archive-contents`.
> Valid points. Let's keep them indefinitely.
Especially since some people seem interested in adding commands to
`package.el` to programmatically install old packages.
Stefan