> be very aware of the risks you're taking with it.

Thanks, I will.

-----Original Message-----
From: Dan Sugalski [mailto:dan / sidhe.org]
Sent: Sunday, January 06, 2002 8:56 PM
To: ruby-talk ML
Subject: [ruby-talk:30435] Re: snippet exchange (was: Re: Re: chomp for
arrays?)


At 01:28 PM 1/7/2002 +0900, Mark Hahn wrote:
>I don't understand.   I seriously doubt the cia would be interested in this
>feature.  From what you describe, every internet-shared facility is
>insecure.

Unless you've got some sort of authentication token from them you can
trust, and an authenticated connection, they aren't.

>Your argument means no code could ever be distributed via the
>net.

Nope, that's not my argument. My argument is there are a number of
significant vulnerabilities in the scheme proposed. (Well, less an argument
than a depressing statement of fact, but close enough) This scheme has a
lot of security implications--they should be considered with care.

>I'm not proposing that this would be forced on anyone.  I'm just suggesting
>it for people like me.

Then implement and use it. But be very aware of the risks you're taking
with it.

>----- Original Message -----
>From: "Dan Sugalski" <dan / sidhe.org>
>To: "ruby-talk ML" <ruby-talk / ruby-lang.org>
>Sent: Sunday, January 06, 2002 7:03 PM
>Subject: [ruby-talk:30410] Re: snippet exchange (was: Re: Re: chomp for
>arrays?)
>
>
> > At 11:48 AM 1/7/2002 +0900, Rich Kilmer wrote:
> > >Right and the way to address this is to have a public/private
> > >encryption key pair that signs the stored RubyGem/code a la Java Jar
> > >signing.
> >
> > I'm not entirely sure that this would be sufficient.
> >
> > No, that's not true. I'm entirely sure it's not sufficient. I can think
> > of many, many ways to crock this. You're counting on the remote keyserver
> > being trustworthy (they aren't), DNS being trustworthy (it isn't), that
> > the signing entity is trustworthy (they aren't), and that the source
> > you're fetching is safe to use sight unseen (it isn't).
> >
> > Someone could poison your DNS cache. The remote repository can be
> > compromised. The keyserver can be compromised. A proxy in the middle of
> > the transaction can be compromised or poisoned. The person providing the
> > code can be less trustworthy than you think they are.
> >
> > Yeah, these are all potential issues when installing any chunk of code
> > from the net, but at least with a manual install you have a chance to check
> > things out even if you choose not to. With automagic loading, you take all
> > the potential checks out of the process. (FWIW, I considered this and
> > discarded it for parrot. It's the sort of thing I'd not allow to be
> > installed on a system I administered)
> >
> > > > -----Original Message-----
> > > > From: Dan Sugalski [mailto:dan / sidhe.org]
> > > > Sent: Sunday, January 06, 2002 9:38 PM
> > > > To: ruby-talk ML
> > > > Subject: [ruby-talk:30401] Re: snippet exchange (was: Re: Re: chomp
> > > > for arrays?)
> > > >
> > > >
> > > > At 06:31 AM 1/7/2002 +0900, Mark Hahn wrote:
> > > >
> > > > >A daydream of mine is a "super-require" that if the file was not
> > > > >found, the loader would go to a central place on the web and load it
> > > > >(sort of like marimba).  I don't tend to use other people's modules
> > > > >just because I'm too lazy to find and install them.
> > > >
> > > > That's a rather dangerous thing to implement. There are an awful lot
> > > > of security issues there...
> >
> >
> > Dan
> >
> > --------------------------------------"it's like this"-------------------
> > Dan Sugalski                          even samurai
> > dan / sidhe.org                         have teddy bears and even
> >                                       teddy bears get drunk
> >
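
An added example, not code from anyone in this thread: a "super-require" that evaluates fetched code only when its SHA-256 matches a digest already stored on the local machine, so a poisoned DNS answer, proxy, or repository cannot substitute different bytes. `PinnedLoader`, `super_require`, `try_load` and the sample snippet are hypothetical names and constructed data; the pin says nothing about whether the author is trustworthy, only that the bytes are the ones someone reviewed.

```ruby
require 'digest'

# Added illustration; PinnedLoader, super_require and try_load are hypothetical names.
class PinnedLoader
  class UntrustedCode < StandardError; end

  # pins: { name => hex SHA-256 } kept locally, recorded after reviewing the code.
  # fetcher: callable returning the bytes for a name (stands in for the network).
  def initialize(pins, fetcher)
    @pins = pins
    @fetcher = fetcher
  end

  # Returns the source only if it matches the local pin; evaluates nothing.
  def fetch_verified(name)
    expected = @pins.fetch(name) { raise UntrustedCode, "no local pin for #{name}" }
    body = @fetcher.call(name)
    actual = Digest::SHA256.hexdigest(body)
    raise UntrustedCode, "digest mismatch for #{name}" unless actual == expected
    body
  end

  # Loads the snippet only after verification has succeeded.
  def super_require(name)
    eval(fetch_verified(name), TOPLEVEL_BINDING, name)
    true
  end
end

# Constructed sample data: a reviewed snippet and a copy altered in transit.
GOOD = "def chomp_all(lines)\n  lines.map(&:chomp)\nend\n"
TAMPERED = GOOD + "# constructed stand-in for injected code\n"
# In real use the digest is recorded out of band; it is computed here only for the demo.
PINS = { "chomp_all" => Digest::SHA256.hexdigest(GOOD) }.freeze

# Simulates one fetch where the network returns `body` for `name`.
def try_load(name, body)
  PinnedLoader.new(PINS, ->(_n) { body }).super_require(name)
  :loaded
rescue PinnedLoader::UntrustedCode
  :rejected
end
```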