![]() We’ve detailed these in a prior blog post, but suffice to say here that where older packages presented a juicy target for buffer overflow attacks, our new packages are much harder targets. That release contained major upgrades to our compiler infrastructure, which allowed us to take advantage of several new security improvements provided by compilers. All of our packages are served via https, so you can verify our certificate and be confident that there’s no man in the middleĪround this time in 2017, we released version 5 of the Anaconda Distribution.Conda verifies these sha256 values when installing packages, so the package must match the published index information.For example, here’s one of the defaults channels: These are contained in each channel’s index file, repodata.json. We publish sha256 values for all packages at the time we upload them.Our build team is required to use multifactor authentication to access the build network.Our build servers are on a dedicated network that only our build team has access to.We build on private servers in our data center.In order to prevent this happening to packages that you get from Anaconda’s “defaults” channel, we take many steps to ensure that no one gets between us and your packages. Just as the candy was produced “good” and turned “bad” down the line, we worry about people taking good packages and using them to infect users’ computers. Have you ever read one of those horrible stories around Halloween time where someone is doing nasty things to candy and hurting kids? Well, we think of the potential for maliciously modified packages like that nasty, corrupted candy. Security Package building and serving process We are, however, kept awake by the ever-present concern of the security and experience of our users! We’d like to take this opportunity to discuss some of the scary stuff out there, and what we’re doing to mitigate the risks and prevent problems. We’ve examined the data and concluded that it’s just the cleaning staff upstairs. At Anaconda, we’re not too scared about things that go bump in the night. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |