[Haskell-cafe] Offer to mirror Hackage
Brandon S Allbery KF8NH
allbery at ece.cmu.edu
Sat Dec 11 20:51:19 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 12/9/10 16:04 , Richard O'Keefe wrote:
> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
> with some sort of protocol between X and Y to keep X up to date.
> As long as the material from Y replicated at X is *supposed* to be
> publicly available, I don't see a security problem here. Only Y accepts
> updates from outside, and it continues to do whatever authentication it
> would do without a mirror. The mirror X would *not* accept updates.
The above assumes that the operator of the mirror is trustworthy. It
wouldn't be difficult for a hostile party to set up a mirror, but then
modify the packages to include malware payloads --- if the packages aren't
signed. (Or even if they are signed if it's a sufficiently weak algorithm.
MD5 is already unusable for the purpose.)
Other possibilities include MITM attacks where the hostile party detects
that someone is attempting to download a package and spoofs a reply that
directs it to a different package.
(Or more complex tricks; see
brandon s. allbery [linux,solaris,freebsd,perl] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Haskell-Cafe