[libre-riscv-dev] next tasks
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Fri Mar 13 10:13:06 GMT 2020
On Fri, Mar 13, 2020 at 8:25 AM Jacob Lifshay <programmerjake at gmail.com> wrote:
> it's similar to installing firefox on windows, where you download and run
> the executable.
which says it all.
as an aside: when i analysed and derived the security requirements
that went into debian's package distribution design, it was
*SEVENTEEN* separate and distinct very specific requirements, any one
of which, if not complied with, completely and utterly destroyed the
security chain of package integrity.
https://github.com/rust-lang/rustup#security
"rustup is secure enough for the non-paranoid, but it still needs
work. rustup performs all downloads over HTTPS, but does not yet
validate signatures of downloads."
here's the good and the bad:
1). bad: it is seriously demeaning to use the phrase "non-paranoid" -
to ACCUSE potential users of rust of "being paranoid". can i suggest,
jacob, raising that as a severe and high-priority issue with the rust
community to get that removed effective immediate?
2). bad: relying on HTTPS simply makes the website itself a
high-priority hacking target. HTTPS verifies the *channel*, *not* the
contents.
3). good: at least they recognise that signature validation is critical.
4). bad: unfortunately they don't describe - at all - how they intend
to tackle this, and i can pretty much guarantee that if they haven't
thought about it fully, they *will* get it wrong. even copying
something like Redhat package distribution or archlinux distribution,
they'll get it wrong.
l.
More information about the libre-riscv-dev
mailing list