Re: uploader security
From: Bruno Haible
Subject: Re: uploader security
Date: Sun, 20 May 2018 12:23:34 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-119-generic; KDE/5.18.0; x86_64; ; )
Hi Jim,
> This is a tool by which one uploads signed tarballs to (usually) GNU
> servers, presumably for mass distribution. As such, I think we are
> justified in holding packagers/uploaders to a higher standard. At the
> very least, we should feel justified in expecting that an uploader run
> on a reasonably secure system: i.e., one that is still being
> maintained.
It is very debatable what constitutes a "reasonably secure system":
- given that there are different philosophies ("the user is responsible
for their system's security" vs. "all users are idiots, therefore only
a crippled system is a secure one"),
- regarding the details of the requirements: a maintained OS? a
permanently running antivirus? HTML display turned off in the mailer? ...
It is also very debatable whether GNU should merely *expect* that an
uploader runs a secure system, or *enforce* it.
In any case, even if you want to enforce it, an error message
"*** Your distribution does not receive regular security updates"
is better than
"gpg-agent is not available in this session"
because it saves the user from an hour of investigation.
Bruno