[isabelle-dev] Use HTTPS for components
lp15 at cam.ac.uk
Wed Jul 13 13:21:13 CEST 2016
I’m not sure that digitally signed components are really something to work on now. Are we really concerned about malicious attacks against our servers?
> On 13 Jul 2016, at 00:56, Gerwin Klein <Gerwin.Klein at nicta.com.au> wrote:
> I agree, we should do that.
> Ideally, we should actually sign those components. The downloading/receiving/checking side is not too hard to automate, but it would require entering the private key keyphrase when you are signing (providing) a new component.
>> On 13 Jul 2016, at 08:28, Lars Hupel <hupel at in.tum.de> wrote:
>> Dear Isabelle developers,
>> all of the critical Isabelle infrastructure (even website mirrors) is
>> reachable via HTTPS. For Jenkins, it's not so important. For executable
>> code, it is very important. Hence I would like to propose a simple
>> change in the global "etc/settings":
>> Because we don't sign components, we should at least make them available
>> over HTTPS. This is the bare minimum according to security best practices.
>> Potential disadvantage: Fetching from HTTPS using Perl's libwww requires
>> an addon package ("LWP-Protocol-https").
>> Potential remedy: Switch to curl for fetching components
>> - readily available everywhere
>> - less Perl required
>> (Note that it appears that that specific Perl addon is not available
>> under Cygwin.)
>> I don't think we should let shortcomings of some Perl module dictate a
>> lack of security.
>> isabelle-dev mailing list
>> isabelle-dev at in.tum.de
> The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.
> isabelle-dev mailing list
> isabelle-dev at in.tum.de
More information about the isabelle-dev