
On 17-04-2015 05:34, Michael Snoyman wrote:
I wrote up a strawman proposal last week[5] which clearly needs work to be a realistic option. My question is: are people interested in moving forward on this? If there's no interest, and everyone is satisfied with continuing with the current Hackage-central-authority, then we can proceed with having reliable and secure services built around Hackage. But if others- like me- would like to see a more secure system built from the ground up, please say so and let's continue that conversation.
You say "more secure". Against what? What's the threat model? (Again, sorry if I missed it, it's been a long thread.) Yes, I'd definitely like a more "secure system" against many/all of the threats identified in e.g. TUF (perhaps even more, if realistic), but it's hard to evaluate a proposal without an explicitly spelled out threat model. This is where adopting bits of TUF seems a lot more appealing than a home-brewed model, at least if we can remain confident that those bits actually mitigate the threats that we want covered.

Regards,