
Re: git & Debian packaging sprint report



Hello,

On Mon 15 Jul 2019 at 12:47PM -07, Russ Allbery wrote:

> I'm dubious that we really care that much about a preimage attack on
> SHA-1, [...]

Someone suggested on IRC that such an attack on tag2upload is even less
likely to be possible because each preimage has to be something which
dpkg-source will successfully make into a source package with the same
source package name, version etc.

We also rely on git for security elsewhere.  For example, dak is
deployed by ftpmasters pushing a signed git tag to salsa; a cronjob on
ftpmaster then deploys that code.  That's relying on SHA-1 in pretty
much the same way as tag2upload does, AFAICT.

On Mon 15 Jul 2019 at 10:43PM +02, Ansgar Burchardt wrote:

> It also has one downside: `git tag` alone won't be enough to generate
> the required information, but then a special-purpose tool was proposed
> here already.
>
> The client tool could possibly also just create the .dsc and .changes,
> except for hashes of the compressed files, and the web service just
> recreate the tarball and compress them.  That would require near zero
> trust in the web service, but still allow developers to no longer upload
> source packages which might be large.  (A bit similar to not having to
> trust buildds by making packages reproducible.)

This is certainly an interesting proposal and it would be better for
users than using dput, as you say.

An important advantage of the tag2upload solution over such a thing,
aside from just the fact that it already exists today, is that it allows
us to move (slowly!) towards replacing source packages with git trees,
like the rest of the world has.

git-debpush is such a simple wrapper around git-tag and git-push that
its users really are uploading only by pushing a signed tag.  Your
proposal would bake source packages back into the upload process in a
way that will make it harder to ever get rid of them.

I appreciate that thanks to the SHA-1 thing you don't want to rely on
git trees for much of anything, so this point will not move you, but I
wanted to mention this point about obsoleting source packages for the
benefit of others in the thread.

We can expect git to move off SHA-1 eventually, and it is not at all
clear the threat from preimage attacks is sufficient for it to be wise
for us to hold ourselves back here.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature
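The mail above treats "pushing a signed tag" as a security mechanism that rests on SHA-1. The following added example (written for this page; it is not code from the mail, from tag2upload, git-debpush or git itself) reconstructs git's object hashing in pure Python to show exactly what a tag signature binds: the signed tag text names the commit only by its 40-hex SHA-1, the commit names the tree by SHA-1, and the tree names each file's blob by SHA-1. The file contents themselves are never under the signature, which is why a second preimage on any object in that chain, one that still parses as a valid git object, would defeat the check. The signer is an HMAC stand-in for the detached OpenPGP signature git appends to a signed tag object (chosen only so the example runs offline without gpg), and the packaging files, identities and timestamps are constructed sample data; the flat tree omits the nested tree objects a real `debian/` directory would add to the chain.

```python
"""Added example: what a signed git tag actually binds, and how a
tag2upload-style verifier walks the SHA-1 chain tag -> commit -> tree -> blob.
Not the project's code; HMAC stands in for OpenPGP so it runs offline."""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed identity/timestamp, used for both commit and tag objects.
IDENT = "Example Uploader <uploader@example.org> 1563212820 +0000"


def git_object_id(kind: str, payload: bytes) -> str:
    """SHA-1 over 'kind SP length NUL payload', as `git hash-object -t kind`."""
    header = f"{kind} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_payload(files: Dict[str, bytes]) -> bytes:
    """Flat tree: entries sorted by name, each 'mode SP name NUL 20-byte-id'.
    Real trees nest further tree objects for subdirectories (same chain)."""
    out = b""
    for name in sorted(files):
        out += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id(files[name]))
    return out


def tree_id(files: Dict[str, bytes]) -> str:
    return git_object_id("tree", tree_payload(files))


def commit_payload(tree_hex: str, message: str) -> bytes:
    """Commit object text: the tree appears only as its SHA-1."""
    return (f"tree {tree_hex}\n"
            f"author {IDENT}\n"
            f"committer {IDENT}\n"
            f"\n{message}\n").encode()


def tag_payload(commit_hex: str, tag_name: str, message: str) -> bytes:
    """Tag object text: this is what `git tag -s` feeds to gpg; the commit
    (and therefore all source) is referenced solely by SHA-1."""
    return (f"object {commit_hex}\ntype commit\ntag {tag_name}\n"
            f"tagger {IDENT}\n\n{message}\n").encode()


def sign(payload: bytes, key: bytes) -> bytes:
    # Stand-in for the detached OpenPGP signature appended to the tag object.
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify_signed_tag(tag: bytes, sig: bytes, key: bytes,
                      commit: bytes, files: Dict[str, bytes]) -> bool:
    """What a service consuming the tag must check: the signature over the tag
    text, then that each object's SHA-1 matches the id the parent names."""
    if not hmac.compare_digest(sign(tag, key), sig):
        return False
    if tag.split(b"\n", 1)[0] != b"object " + git_object_id("commit", commit).encode():
        return False
    return commit.split(b"\n", 1)[0] == b"tree " + tree_id(files).encode()


def demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine tree verifies, tampered tree verifies,
    any file content appears in the signed bytes)."""
    files = {  # constructed sample packaging files
        "changelog": b"hello (1.0-1) unstable; urgency=medium\n",
        "rules": b"#!/usr/bin/make -f\n%:\n\tdh $@\n",
    }
    key = b"constructed-example-key"
    commit = commit_payload(tree_id(files), "Upload 1.0-1")
    tag = tag_payload(git_object_id("commit", commit), "debian/1.0-1",
                      "hello release 1.0-1 for unstable")
    sig = sign(tag, key)
    genuine = verify_signed_tag(tag, sig, key, commit, files)
    # Same signed tag, same commit text, but one blob altered: without a
    # second preimage the tree id changes and the chain breaks.
    tampered = {**files, "rules": b"#!/usr/bin/make -f\n%:\n\tdh $@ --with evil\n"}
    tampered_ok = verify_signed_tag(tag, sig, key, commit, tampered)
    contents_signed = any(content in tag for content in files.values())
    return genuine, tampered_ok, contents_signed


if __name__ == "__main__":
    print("empty blob id:", blob_id(b""))
    print("genuine, tampered, contents-in-signed-bytes:", demo())
```

`blob_id(b"")` and `tree_id({})` reproduce git's well-known ids for the empty blob and empty tree, which confirms the header-plus-payload construction matches git's. The third value from `demo()` is the point of the mail's SHA-1 discussion: the signature never covers source bytes, only hashes of hashes, so the signed tag is exactly as strong as SHA-1's second-preimage resistance over well-formed git objects.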