Automatic Script Updater
karlitschek at kde.org
Sun Nov 8 19:54:51 CET 2009
On 08.10.2009, at 16:40, Bart Cerneels wrote:
> On Thu, Oct 8, 2009 at 16:12, Mark Kretschmann <kretschmann at kde.org>
>>> On Thursday 08 October 2009 09:58:13 Sven Krohlas wrote:
>>>>> I don't think third-party scripts should be a part of this
>>>>> system. Who
>>>>> signs them off? By definition not us, as they are 3rd-party. We
>>>>> can't be
>>>>> the gateway for all 3rd-party script updates. But we don't want
>>>>> to allow
>>>>> random developers to inject code in amarok ad-hoc.
>>>> we can sign the keys of "trustworthy" (a term that has to be
>>>> defined then)
>>>> script developers. This way we don't have to sign each and every
>>>> update but
>>>> just have to verify that the key used to sign an update was
>>>> signed by our
>>>> key. The script package would need to contain the public key and
>>>> signature for it then.
>>>> Trustworthy could be someone
>>>> * we know personally
>>>> * has given good contributions to the community for some time
>>>> * we know the real identity of
>>>> or something like that.
>> Sorry, but "trustworthy" would never work in real life. Who wants to
>> take responsibility?
>> Let's say that you trust me in general. In reality you would only
>> trust me with certain things, e.g. fetching ice cream, programming UI
>> code, whatever. But you would not trust me to do a medical checkup on
>> Even if you did trust me with medicine, I could screw up. The same
>> applies to 3rd party contributors, as an analogy.
> I don't think we should bother with signing 3rd party scripts, I would
> rather have support for this in opendesktop and GHNS. And when that
> does we have to use those for our own updates as well. But until then
> we can use the proposed system.
> People already put their trust in the scriptwriters by installing over
> GHNS or directly from kde-apps.org. Just add signatures to that for
> auto updating and we have our infrastructure.
> A feature request for opendesktop.org: Perhaps we can use our personal
> keys to sign a script or have it signed by the amarok-developers group
> key. Because I fear the weakest link is the private key and password
> we have to either share or assign to one person.
> Adding all our default scripts to kde-apps is a good idea anyway since
> it's free publicity. And when they are updated there are automatic
> notifications via the various channels opendesktop.org has.
> CC'ed a few interested parties. Don't forget to CC them if necessary.
Sorry for the late reply.
It is quite clear that we need a security system for scripts on GHNS.
Signing the Scripts with the key of the uploader/developer is of
course possible but doesn´t solve the real problem.
As long as everybody can upload a script to openDesktop.org and users
can download it the signing doesn´t give as any security that the
script is safe.
What we also need is some kind of trust system on the server.
Something like this developer is already a contributor for some time,
developed several other scripts already, has a high rating and got
reviewed but other people with a high trust level. So the script has a
high trust level.
With this system we can mark the scripts with different trust level.
I plan do develop a system like this in the future. But this is not
done in a week so i need some time.
I hope this improves the security for Amarok.
What do you think?
karlitschek at kde.org
More information about the Amarok-devel