Alpine Linux?
* Package download without HTTPS;
* Operation on archive content before signature checks;
* Custom updater & tar handling code.
Maybe you should use a real distribution for your base images and stop worrying about that extra 2 MB it takes on your 2 TB drive. https://twitter.com/tqbf/status/1040320695048302593
-
-
Look, this bug begins and ends at not using https. The scene that doesn’t see that is the scene with the stale game.
-
It actually continues with extracting the archive before verifying the checksum.
-
No. The moment you parse a byte that didn’t come from the secure channel, you’re fucked. No exceptions. That includes the sum to check. It’s not saving you. Sorry.
-
Absolutely not. A package with a secure signature is a secure channel. You know, these days, not just using Uptane, which integrates well with package managers and solves all those problems, is something I don't understand.
-
No. It’s not. That is what the data is saying. Attempts to make secure packages don’t, in practice, work any better than signed JavaScript on HTTP pages, for the same reasons, as they’re the same thing. It’s just rolling your own crypto. Use TLS.
-
A couple of really smart people did implement Uptane. Go have a look at it.
-
What’s the underlying crypto engine? Gpg?
-
Nope. It's something designed and built from scratch.
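Two of the points raised in the thread (the first tweet's "operation on archive content before signature checks" and the later "extracting the archive before verifying the checksum") come down to ordering: the digest or signature must be checked over the complete, untouched byte stream before any parser (gzip, tar) runs on it, and the expected value must itself arrive over an authenticated channel. The following is an added illustration of that ordering, not code from Alpine, apk, or anyone in the thread; the archive, the file inside it and the `expected_sha256` value are all constructed here, and in a real client the expected digest would be assumed to come from a signed index or a TLS-protected source rather than from the same unauthenticated download.

```python
import hashlib
import hmac
import io
import tarfile


def build_sample_archive() -> bytes:
    """Construct a tiny tar.gz in memory (constructed sample, not a real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"hello from the package\n"
        info = tarfile.TarInfo(name="usr/share/doc/hello.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    """Digest of the raw bytes exactly as received, before any decoding."""
    return hashlib.sha256(data).hexdigest()


def verify_then_extract(archive: bytes, expected_sha256: str) -> dict:
    """Safe ordering: authenticate the whole byte stream first, parse it second.

    `expected_sha256` is assumed to come from a trusted, authenticated source
    (hypothetical signed index or TLS channel); it must never be read out of
    the same unauthenticated download it is meant to protect.
    """
    actual = sha256_hex(archive)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    if not hmac.compare_digest(actual, expected_sha256):
        raise ValueError("digest mismatch: refusing to parse archive")
    # Only now do gzip and tar parsers touch the data; they never see unverified input.
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        return {
            member.name: tar.extractfile(member).read()
            for member in tar.getmembers()
            if member.isfile()
        }


def demo() -> tuple:
    """Run the happy path and a single-bit tamper; return (files, tamper_rejected)."""
    archive = build_sample_archive()
    expected = sha256_hex(archive)  # stands in for a digest fetched over a secure channel
    files = verify_then_extract(archive, expected)

    # Flip one bit in the trailer: the archive is rejected before any parser runs on it.
    tampered = archive[:-1] + bytes([archive[-1] ^ 0x01])
    try:
        verify_then_extract(tampered, expected)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return files, tamper_rejected


if __name__ == "__main__":
    files, rejected = demo()
    print(sorted(files), "tamper rejected:", rejected)
```

The design point is that `verify_then_extract` has no code path in which `tarfile` or `gzip` parse a byte whose digest has not already matched, and the function signature forces the caller to supply the expected digest from somewhere other than the archive itself. If the trusted value is unavailable, the right behaviour is to fail closed rather than to parse and check afterwards.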