On 2022-01-04 16:13:17 -0600 (-0600), Pete Zaitcev wrote: [...]
As it happens, just a short time back, I ran into an issue with PyPI.[1] Basically, it's possible to upload something there and nobody knows anything about it. Is that loss of audit trail a concern for our releases?
-- Pete
That sounds like one of the nose maintainers uploaded a broken file to PyPI, or someone compromised one of their accounts, or hijacked the upload mechanism they were relying on. I'm not sure it's evidence that PyPI itself is untrustworthy, the same can happen (and has) in other places like NPM... really any artifact registry is susceptible if there are no cryptographic signatures or external checksums to validate the files, or if the compromise happens earlier in automation than where checksums or signatures are generated for that matter.

Was the altered code malicious? Did the maintainers publish a security advisory somewhere with details? The PyPI maintainers are generally willing to help investigate such incidents, and are in the process of pushing stronger authentication mechanisms (2FA for logins, separate upload tokens, TUF for artifact attestation).

Anyway, back to the original topic, I don't think any of us were strongly against hosting copies of the release tarballs/wheels for OpenDev's Python-based utilities, we just hadn't taken the time to set up jobs to upload them anywhere besides PyPI nor decided on any sort of signing/attestation solution (reuse what we're doing for OpenStack with the OpenStack release signing key? Create a separate OpenDev release signing key and use that? Switch OpenStack's releases to an OpenDev signing key too? Do something other than OpenPGP signatures in the wake of the SKS WoT collapse?).

-- Jeremy Stanley
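The external-checksum check mentioned in the reply above, as an added example that is not part of the original thread or any OpenDev tooling: it compares downloaded release files against a `sha256sum`-style manifest obtained from somewhere other than the registry. The function names, file names and sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex digits>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")  # accept text ("  ") and binary (" *") markers
        if not digest or digest.startswith("#"):
            continue
        # bytes.fromhex raises ValueError on non-hex input
        if not name or len(digest) != 64 or len(bytes.fromhex(digest)) != 32:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_artifacts(directory, manifest_text):
    """Classify each file as ok, mismatch, unlisted, or missing."""
    expected = parse_manifest(manifest_text)
    results = {}
    for path in sorted(p for p in Path(directory).iterdir() if p.is_file()):
        want = expected.pop(path.name, None)
        if want is None:
            results[path.name] = "unlisted"   # downloaded but never in the manifest
        elif hmac.compare_digest(sha256_file(path), want):
            results[path.name] = "ok"
        else:
            results[path.name] = "mismatch"   # changed after the manifest was made
    results.update({name: "missing" for name in expected})
    return results

def demo():
    # Constructed sample: one intact sdist, one altered wheel, one absent signature.
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed sdist bytes"
        (Path(d) / "example-1.0.tar.gz").write_bytes(good)
        (Path(d) / "example-1.0-py3-none-any.whl").write_bytes(b"altered wheel bytes")
        listed = [(good, "example-1.0.tar.gz"), (b"sig", "example-1.0.tar.gz.asc"),
                  (b"original wheel bytes", "example-1.0-py3-none-any.whl")]
        manifest = "".join(f"{hashlib.sha256(b).hexdigest()}  {n}\n" for b, n in listed)
        return verify_artifacts(d, manifest)
```

A check like this only covers changes made after the manifest was generated; a compromise earlier in the automation produces a manifest that matches the altered files.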