[TriLUG] The sad state of sysadmin in the age of containers

Igor Partola via TriLUG trilug at trilug.org
Fri Mar 13 14:33:27 EDT 2015


Sean,

> Straw man argument. This isn't about Puppet, or any one package, but the
> bigger picture.

The original email you sent specifically talked about puppet being used to
enable an NSA backdoor: "Then it tries to run sudo puppet to enable the NSA
backdoors". Substitute puppet for bash or python or sh or csh or zsh or
ruby or gcc in that sentence and you see how absurd singling out puppet is.

> Signing and rolling releases aren't mutually exclusive. It's perfectly
> reasonable to expect an upstream developer to sign releases with each new
> version. This isn't difficult, and not hard for a downstream packager to
> check.

The first part of this paragraph is correct: it costs me nothing, as a
developer, to sign my releases. The second part implies that there is a
downstream author. Debian stable includes roughly 48,500 packages. That's a
lot. But look at http://www.modulecounts.com/. The NodeJS packages via npm
include nearly 3 times as many at just under 140,000. PyPI includes over
55,000. Many of these are useful, yet little known. Not every one of these
has a trusted "downstream" maintainer who is also widely trusted by the
community. In other words, it's a question of resources: there aren't
enough maintainers for all these packages. Thus, the signature on the
package tells you nothing, since anybody can create a PGP keypair and sign a
package.

Re: HTTPS and CAs being broken, I agree completely. CAs working the way
they do reduces security from, e.g., government-level adversaries.
However, the questions of which protocol to use vs. whom to trust are
somewhat independent. We can move to HTTPS-only first, then fix the CA
problem. Unfortunately, no good solutions to the CA problem currently
exist. Distributed trust is a hard problem to solve and bootstrapping trust
is very difficult, as those who try to maintain a WoT will attest. Let's fix
the glaring problem (HTTP is insecure), then fix the less glaring problem
(some CAs are insecure).

Igor
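An added example, not part of this thread, of the distinction Igor draws between "the release is signed" and "the release is signed by someone I trust". It stands in ed25519 for PGP and a constructed byte string for the package tarball; the pinned-fingerprint map plays the role of the downstream maintainer's keyring, and the check shows that a freshly generated key produces a perfectly valid signature that still fails the trust check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed release artifact standing in for a package tarball.
var release = []byte("example-pkg-1.0.0.tar.gz: constructed sample bytes")

// fingerprint identifies a public key the way a PGP fingerprint would.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// validSignature answers only "did the holder of pub sign this artifact?".
// It says nothing about who the holder of pub is.
func validSignature(pub ed25519.PublicKey, artifact, sig []byte) bool {
	return ed25519.Verify(pub, artifact, sig)
}

// trustedRelease additionally requires the signing key to be one the
// downstream pinned in advance. A key created five seconds ago by anyone
// signs just as validly, but is not in the pinned set and so is rejected.
func trustedRelease(pinned map[string]bool, pub ed25519.PublicKey, artifact, sig []byte) bool {
	return pinned[fingerprint(pub)] && validSignature(pub, artifact, sig)
}

// signRelease generates a fresh keypair and signs the artifact (demo helper).
func signRelease(artifact []byte) (ed25519.PublicKey, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, ed25519.Sign(priv, artifact)
}

func main() {
	maintainerPub, maintainerSig := signRelease(release) // key the downstream pinned
	strangerPub, strangerSig := signRelease(release)     // anybody else's new key
	pinned := map[string]bool{fingerprint(maintainerPub): true}

	fmt.Println("maintainer: valid", validSignature(maintainerPub, release, maintainerSig),
		"trusted", trustedRelease(pinned, maintainerPub, release, maintainerSig))
	fmt.Println("stranger:   valid", validSignature(strangerPub, release, strangerSig),
		"trusted", trustedRelease(pinned, strangerPub, release, strangerSig))
}
```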