[Typo3-typo3org] Re: Whitelist extension

Juergen Egeling egeling at punkt.de
Thu Mar 10 10:28:55 CET 2005

* Sven Wilhelm <wilhelm at icecrash.com> [050310 04:28]:
> >have a list of extensions which they know that these have been reviewed and
> >are regarded to be secure.
> There is a simple solution for that, called signing.
> An extension developer should sign extensions he is developing, the 
> review team the reviewed - passed - ones.

Signing makes sure that the EXT is given out by the programmer that
has programmed it. If *he* is an attacker, then we even have a signed
attack, which (again) might give people the wrong impression of having
something "secure", although it is not secure.

To be precise: I am not against signing, but it should be clearly
stated for what reason we are signing. In fact we only set up the
signing process to make sure not one of the mirror people is attacking
the system. But we cannot assure that the original programmer is
not attacking the system, this is what we should tell the people at

On the other question: Is it worth to set this up? If we give the
people the chance to put in their own mirror servers where they
only want to get the infos from, then they have it in their own hands
and a simple MD5 for checking the files would be enough (as any other
debian mirror is doing it, IMHO).

What I try to say: I am against a highly sophisticated system that is
top edge of security, but could lead to
a.) lower security by people not "thinking" any more
b.) make it uncomfortable for programmers to send EXT, as they have to
get registered keys
c.) IMHO does not give more security than an MD5 sum.
d.) Will take much time to be implemented, because we have to convince
programmers of about 600 EXT to start with public keys.

