[darcs-users] Windows binaries for 2.1.0

David Roundy droundy at darcs.net
Thu Oct 16 20:34:16 UTC 2008


Hi Eric,

No, I'm not really very comfortable with putting the buildbot-built
binaries on darcs.net from a security perspective.  It's true that we
don't have very strong security safeguards, but I would still rather
not put untrusted binaries on darcs.net itself.  Although I trust
Zooko, I don't trust the owners of all buildbots to keep their
machines locked down, and I'd rather not try to distinguish between
the trusted and untrusted buildbots.

Why not just stick them on the wiki? Yes, that exposes downloaders to
the same sorts of attacks and a few more, but anyone downloading a
binary off a wiki really ought to know the risk they're taking, while
someone downloading from http://darcs.net/binaries has good reason to
believe that we trust those files.

David

P.S. Speaking of security, we really ought to add support for
cryptographically-hashed repository URLs and signed repositories.
It's pretty easy, and could protect us from DNS spoofing attacks.

On Thu, Oct 16, 2008 at 05:43:32PM +0100, Eric Kow wrote:
> Hi David,
> 
> What do you think about creating
>     http://darcs.net/binaries
> and http://darcs.net/binaries/latest ?
> 
> My hope is that we can have a place for buildbots to upload binaries for
> the latest build (maybe create a user binaries at darcs.net with ssh keys
> for each buildslave?).  The thinking is that we could also have things
> like http://darcs.net/binaries/2.1.0/darcs-windows.exe
> 
> This represents a shift in position for us, i.e. that we would now
> be supporting binaries.  But it seems like, for Windows at least, we
> don't have much of a choice.  Having the buildbots provide those
> binaries for us at least makes it easier for us to do so.
> 
> Thanks,
> 
> On Thu, Oct 16, 2008 at 07:42:59 -0600, zooko wrote:
> > Please put it into the ~/.ssh/authorized_keys file of some user on
> > some server to which darcs executables should be copied from the
> > windows buildbot.
> > 
> > Of course, this also means that you are allowing anyone who controls
> > the corresponding private key (all five of the employees of
> > allmydata.com) to do whatever they want with that user account on
> > that server.
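One way to narrow what a buildslave's key can do, as an added example that is not darcs project code: instead of a bare authorized_keys entry that hands the key holder a full shell on the upload account (the concern zooko raises above), pin the key to a forced command that only accepts "put <release>/<file>" on stdin and writes beneath one directory. The account name, the /srv/binaries path, the script path and the key comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not darcs project code. Hypothetical names: a dedicated
# "binaries" account on darcs.net, upload root /srv/binaries, release
# directories such as 2.1.0. Installed as a forced command via an
# authorized_keys line like this one (key material elided):
#
#   command="/usr/local/bin/binaries-upload",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA... buildslave-windows
#
# sshd ignores whatever command the client requested, runs this script
# instead, and exposes the request in SSH_ORIGINAL_COMMAND. A buildslave
# then uploads with:
#   ssh binaries@darcs.net "put 2.1.0/darcs-windows.exe" < darcs.exe
set -eu
set -f   # no globbing while the request is split into words

UPLOAD_ROOT="${UPLOAD_ROOT:-/srv/binaries}"

# One path component: non-empty, no leading dot, no slash, only [A-Za-z0-9._-].
# This rules out "..", hidden files and anything that could escape UPLOAD_ROOT.
valid_component() {
    case "$1" in
        ''|.*|*/*)          return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# handle_upload "put <release>/<file>"   (file body on stdin)
# Writes $UPLOAD_ROOT/<release>/<file> and returns 0; any other request
# returns 1 without touching the filesystem.
handle_upload() {
    set -- $1
    [ "$#" -eq 2 ] && [ "$1" = "put" ] || return 1
    release="${2%%/*}"
    file="${2#*/}"
    [ "$release" != "$2" ] || return 1       # need exactly "<release>/<file>"
    valid_component "$release" || return 1
    valid_component "$file" || return 1      # also rejects a second slash
    dest="$UPLOAD_ROOT/$release/$file"
    mkdir -p "$UPLOAD_ROOT/$release"
    # Write to a temporary name first so a half-transferred binary is never
    # visible under the final name.
    tmp="$dest.part.$$"
    cat > "$tmp"
    chmod 0644 "$tmp"
    mv "$tmp" "$dest"
}

# Entry point when sshd runs this as a forced command; a no-op otherwise,
# so the functions above can be exercised locally.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle_upload "$SSH_ORIGINAL_COMMAND" || {
        echo "binaries-upload: rejected request: $SSH_ORIGINAL_COMMAND" >&2
        exit 1
    }
fi
```

With this in place, the private key held by the allmydata.com staff can only add files under /srv/binaries; it cannot open a shell, forward ports or overwrite ~/.ssh/authorized_keys itself. A `from="<buildslave address>"` option on the same line narrows it further to one source host, and OpenSSH 7.2 and later accept `restrict` as shorthand for the list of no-* options shown.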
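The cryptographically-hashed repository URL from David's P.S., as an added example that is not darcs code: the URL form `http://host/path#sha256=<hex digest>` is an assumption made here for illustration, with the fragment carrying the expected SHA-256 of the content to be fetched. Because the check is on content rather than on where it came from, a spoofed DNS answer that sends the client to another server produces a hash mismatch instead of a silently substituted binary or repository.

```shell
#!/bin/sh
# Added example, not darcs project code. Assumes a hypothetical pinned-URL
# form   http://host/path#sha256=<64 hex chars>   where the fragment (never
# sent to the server) is the expected SHA-256 of the fetched content.
set -eu

# sha256_of FILE -> hex digest on stdout (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# pinned_digest URL -> prints the digest pinned in a "#sha256=" fragment,
# returns 1 if the URL carries no pin or a malformed one.
pinned_digest() {
    url="$1"
    case "$url" in
        *'#sha256='*) ;;
        *) return 1 ;;
    esac
    digest="${url##*#sha256=}"
    case "$digest" in
        *[!0-9a-f]*) return 1 ;;      # lowercase hex only
    esac
    [ "${#digest}" -eq 64 ] || return 1
    printf '%s\n' "$digest"
}

# verify_pinned FILE URL -> 0 iff sha256(FILE) equals the digest pinned in URL.
# An unpinned URL fails closed: there is nothing to verify against.
verify_pinned() {
    file="$1"; url="$2"
    expected=$(pinned_digest "$url") || return 1
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# fetch_pinned URL DEST -> downloads the URL minus its fragment, then keeps
# DEST only if its content matches the pin. Needs curl and network access.
fetch_pinned() {
    url="$1"; dest="$2"
    curl -fsSL -o "$dest" "${url%%#*}"
    verify_pinned "$dest" "$url" || { rm -f "$dest"; return 1; }
}
```

A pin of this kind authenticates one immutable blob, such as a release binary or a specific repository snapshot, and is only as trustworthy as the channel the pinned URL itself arrived over. A repository that keeps changing needs the second half of the P.S., a signature over its current state, which this example does not show.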