CHECKSUMS serve any remaining purpose? What threat not already covered by the use of a trustworthy origin and channel can be averted by signature verification?
As far as I can reason it out, (corrected) signature verification is both useful and important only when using an untrusted mirror and/or untrusted connection (in which case verifying the signature as being signed by the PAUSE private key provides proof that neither the mirror nor any hop on the route has tampered with the bits).

Any change to an author's keys or uploads that aren't signed could be flagged.
The various CPAN tools could be modified to check a distribution against the author's keys.
Indeed – and I had thought of that but dismissed it: I reasoned it would require the filesystem of either of the two trusted mirrors to be exposed in a way that allows gaining write access to it without gaining shell on the mirror – since (I reasoned) shell access would ultimately expose the private key one way or another, anyway.
But as I went to write down my reasoning for this reply I realised my mistake – the PAUSE private key exists on PAUSE but not the trusted mirrors. The mirrors cannot sign the CHECKSUMS.
So the answer to my question is that verifying the signature protects against compromise of a mirror in general, because it proves that the checksums haven’t been tampered with after leaving PAUSE.
The upshot is that “make sure your CPAN client uses https and a trusted mirror” is not a substitute for (properly patched) signature verification, and in fact is unnecessary given (properly patched) mandatory signature verification. It is merely a partial mitigation for absent or vulnerable signature verification.

Author signatures mean that you trust that the author has approved this code.
There's always the possibility that a malicious person has stolen PAUSE credentials *and* an author's key-signing credentials. It's not foolproof.
As an added safety, we could add a scheme for multiple signatures to be added. So another person can review code and submit their signature to PAUSE somehow.

Marginal benefit, I'd say. It's an additional check that you're getting the expected file.
I've heard anecdotally that the checksums once identified a case where an rsync had been interrupted and resulted in a truncated file.

file://foo/bar". Even though I know it's trusted I still get:
Warning: checksum file '/mnt/CPAN/authors/id/G/GB/GBARR/CHECKSUMS' not conforming.
The cksum does not contain the key 'cpan_path' for 'CPAN-DistnameInfo-0.12.tar.gz'.
Proceed nonetheless? [no]
How can I handle this scenario?

You know, we don't have any uwsgi guides in Dancer2::Deployment. We have a big release coming up, would you be interested in contributing a sample config for that?
Thank you!

A "*" allows the subroutine to accept a bareword, constant, scalar expression, typeglob, or a reference to a typeglob in that slot. The value will be available to the subroutine either as a simple scalar, or (in the latter two cases) as a reference to the typeglob. If you wish to always convert such arguments to a typeglob reference, use Symbol::qualify_to_ref() as follows:
use Symbol 'qualify_to_ref';
sub foo (*) {
    my $fh = qualify_to_ref(shift, caller);
    ...
}
which lets you do stuff like this
sub my_name(*;@) {
    my $name = shift;
    printf "Your name is %s\n", $name;
}
my_name(Roger);
my_name(Peter);
Another possibly useful prototype is the underscore (“_”), which allows functions to default to $_ when given no argument, like e.g. chr and hex do.
I see the main limitation on prototypes being that & only coerces on the first parameter. I don't see a downside to & coercion on subsequent parameters. If the prototype says it should be a code ref, then if it looks like a block, treat it like a block, same as if the "sub" were there.
I don't see much advantage to Dispatch::Fu. While it adds a little syntactic sugar, it's really just an indirect way to do:
if ($cgi->param("action") eq q{foo} and $cgi->param("userid") != 0) {
    do_foo();
}
elsif ($cgi->param("action") eq q{show_thankyou_html}) {
    do_thanks();
}
else {
    do_default();
}
Or just dispatch on $cgi->param("action") then add qualifying logic as part of the code blocks.