I am sure virtually everyone understands "code signing" to mean what it has meant historically. The author of code signs git commits, or a tarball, or signs a package in the Debian, Arch, Guix sense. All of which typically share cryptography standards like PGP rather than rolling their own solutions. Each maintainer has a signing key to identify themselves to the public without need for any central infra, and signs the packages they publish. Someone who accesses some centralized server or account will not be able to impersonate the key held by that developer or the signatures they issue. This new provenance system, and the Fulcio system it is based on, is a centralized setup where you use traditional, usually phishable, authentication with a SaaS, and then the SaaS takes your submission and signs it for you with a centrally managed keychain. Having done security auditing for many fintech signing systems, I can tell you I have almost never once seen anyone get this right, particularly when there is no accountability. Is this done in a secure enclave with a public remote attestation of the software image running on it that I can locally compile and verify the matching hash of? Does that code enforce the participation of multiple distributed people to make updates, key exports, or key imports using Shamir's secret sharing or similar? Or maybe it is just sitting on an Amazon box somewhere a few people ssh to from their daily driver MacBooks? I don't -hate- centralized signing existing as an -option- if it is done very well and highly accountable (which Fulcio is not, imo).

That said, -mandating- centralized signing on behalf of developers as the only path is really insulting, as though people who write software can't type a couple commands to provision a PGP key on a smartcard and publish their key to keyoxide, which is strictly better in every way from a threat modeling perspective. Speaking of Fulcio, this was meant to "invent" a solution for container signing, even though PGP multisig has existed from the start. No one used it because none of the major players in container software documented it other than the podman team.

https://github.com/containers/image/blob/main/docs/container...

https://docs.podman.io/en/latest/markdown/podman-image-trust...

Back to NodeJS, Debian and Arch already sign npm packages with PGP keys. It works fine. We need to let people actually do that with NPM. Tell me how many supply chain attacks have happened in Debian or Arch recently compared to NPM? PGP may be a small barrier to entry, but it is a standard with solid smartcard support and works in practice. It should be the default recommendation to all developers, and end users should be able to set policies to only install packages signed by a trusted set of maintainer or reviewer keys.
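A concrete form of the end-user policy the comment closes on (install only packages signed by a trusted set of maintainer keys), as an added Python example that is not part of the original comment: it parses the status output of a gpg verification run and enforces a fingerprint allow-list, since a zero exit from `gpg --verify` alone does not say *which* key signed. The fingerprints, user ids and status lines are constructed samples.

```python
"""Install policy for a PGP-signed package: allow only signatures whose
signer is in a fixed set of maintainer keys.  Added example, not from the
original comment.  `gpg --verify` exiting 0 only means "valid signature from
some key in the keyring"; the allow-list is what makes it a policy."""
from typing import Iterable, Optional, Tuple

# Constructed allow-list: primary-key fingerprints of trusted maintainers.
TRUSTED_FPRS = {"AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"}
# Status tags that mean "do not trust this signature", whatever else is said.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def check_policy(status_lines: Iterable[str],
                 trusted=TRUSTED_FPRS) -> Tuple[bool, str, Optional[str]]:
    """Return (allowed, reason, primary_fpr) for one verification run, e.g.
    gpg --no-default-keyring --keyring trusted.gpg --status-fd 1 --verify p.asc p
    (status lines follow the `gpg --status-fd` format from GnuPG doc/DETAILS)."""
    good, primary_fpr = False, None
    for line in status_lines:
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] in FATAL:
            return False, f"rejected: {f[1]}", None
        if f[1] == "GOODSIG":
            good = True
        elif f[1] == "VALIDSIG":
            # VALIDSIG <sig-key fpr> <date> <ts> <expire> <ver> <res> <pk-algo>
            #          <hash-algo> <class> [<primary-key fpr>]
            # Pin trust to the primary key so a signing subkey still maps to the
            # maintainer; fall back to the signing key's own fpr if it is absent.
            primary_fpr = f[11] if len(f) >= 12 else f[2]
    if not (good and primary_fpr):
        return False, "rejected: no valid signature", None
    if primary_fpr not in trusted:
        return False, "rejected: signer not in trusted set", primary_fpr
    return True, "allowed", primary_fpr

# Constructed sample status output: signing subkey of a trusted maintainer.
SIGNED_BY_TRUSTED = [
    "[GNUPG:] GOODSIG 1234567890ABCDEF Maintainer A <a@example.org>",
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 "
    "1704067200 0 4 0 22 10 00 AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555",
]
# Constructed: cryptographically valid, but from a key outside the set.
SIGNED_BY_UNKNOWN = [
    "[GNUPG:] GOODSIG FEDCBA0987654321 Someone Else <x@example.org>",
    "[GNUPG:] VALIDSIG 9999888877776666555544443333222211110000 2024-01-01 "
    "1704067200 0 4 0 22 10 00 9999888877776666555544443333222211110000",
]
# Constructed: tampered archive, signature does not verify.
TAMPERED = ["[GNUPG:] BADSIG 1234567890ABCDEF Maintainer A <a@example.org>"]
```

Using a dedicated `--keyring` that holds only the maintainer keys is a second layer: even then, the VALIDSIG fingerprint check is what ties the decision to a named signer rather than to "whatever is in the keyring".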