On Tuesday, 11 February 2025 at 23:15:10 UTC-8 Georgi Guninski wrote:

On the mirror I see: 

sage-10.5.tar.gz torrent 1535.20 MB 2024-12-04 00:28 
MD5: 83dab794f87e989a30e248f3b39c40db 

There are several potential issues with this: 

1. If the mirror is compromised or MITM'ed, it could provide whatever 
checksum. 
There is unencrypted "http://" mirror University of Washington, 
Seattle, WA, USA [3] Is this a real concern?


The web has been moving to https connections for pretty much anything. It 
makes it much more painful to get a site set up, because you need to get a 
certificate signed for it from an authority that is recognized by default 
by most browsers. That's something that malicious players can still do, 
though. It's not *that* hard to get such a certificate. We could just 
remove non-https mirrors (or see if those mirrors can be upgraded to 
https). Posting a checksum right next to a download file is never going to 
protect against spoofing: the download file is under the same control as 
the hash is, so they can be kept in sync by a malicious player just as much 
as by a maintainer under normal circumstances. 
 

2. The MD5 hash function has been deprecated for years and is considered broken. 


It's broken for crypto. It's still a hash that's perfectly fine for 
checking for random corruptions (which would probably be detected via https 
anyway). A posted hash like that is more for checking that. Because of the 
chain of trust issues (see below) I'm not sure it's worth changing to a 
cryptographic hash for this, since this posted hash doesn't really seem to 
solve anything for which a cryptographic hash is required.
  

One possible approach is to sign with gpg the tarballs or only the hashes. 


But how do downloaders establish the chain of trust for the signing key? 
This is one of those things where we cannot do anything else than what is 
common practice, because anything else will put a burden on the downloaders 
and will damage the accessibility of sagemath that way.

In my opinion, this problem is commonly solved nowadays by curated software 
distributions (through stores, trusted package repositories, etc.) with 
keys that are predistributed with the operating system used. The integrity 
control is then offloaded from the end-user to the distribution 
maintainers. How do package maintainers protect against getting fed 
compromised sources?

I know that when I download a live image for Fedora for install on a new 
machine, I basically have no choice but to trust that I recognize the site 
from which I download it and that the site is not compromised.  I don't 
really have independent means to get a hash on the live image to check its 
integrity.

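The two checks discussed in this thread, as an added example that is not part of the original messages or of the Sage project: a checksum listed beside the download catches random corruption, but only a digest obtained through a channel the mirror does not control notices when the mirror serves different content. The `Mirror` class, the function names and the sample bytes are all constructed for illustration, and the pinned SHA-256 stands in for whatever trusted channel is assumed to exist.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Mirror:
    """What one mirror serves: the tarball and the checksum listed beside it."""
    tarball: bytes
    posted_md5: str

def md5_hex(data: bytes) -> str:
    # MD5 is used here only as a corruption check, as in the thread.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def publish(tarball: bytes) -> Mirror:
    # Whoever controls the mirror controls the file and its listed checksum together.
    return Mirror(tarball, md5_hex(tarball))

def corrupt_in_transit(m: Mirror) -> Mirror:
    # Random damage: one bit flips in the downloaded bytes; the listing is unchanged.
    damaged = bytearray(m.tarball)
    damaged[len(damaged) // 2] ^= 0x01
    return Mirror(bytes(damaged), m.posted_md5)

def matches_posted_checksum(m: Mirror) -> bool:
    return hmac.compare_digest(md5_hex(m.tarball), m.posted_md5)

def matches_pinned_digest(m: Mirror, pinned_sha256: str) -> bool:
    return hmac.compare_digest(sha256_hex(m.tarball), pinned_sha256)

def evaluate() -> dict:
    release = b"constructed stand-in for a release tarball\n" * 1000
    # Assumption: this digest reached the downloader by a channel the mirror does not control.
    pinned = sha256_hex(release)
    honest = publish(release)
    cases = {
        "honest mirror": honest,
        "corrupted in transit": corrupt_in_transit(honest),
        "mirror serving other content": publish(b"constructed substitute bytes\n"),
    }
    return {name: (matches_posted_checksum(m), matches_pinned_digest(m, pinned))
            for name, m in cases.items()}

if __name__ == "__main__":
    for name, (posted_ok, pinned_ok) in evaluate().items():
        print(f"{name:30} posted MD5 ok={posted_ok}  pinned SHA-256 ok={pinned_ok}")
```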