Easy Plugins Website - GSoC Project 2013

Jurre van Bergen drwhax at 2600nl.net
Wed May 29 16:58:28 EDT 2013

Hash: SHA1

On 05/29/2013 01:07 PM, Bhaskar Kandiyal wrote:
> <snip>
> 4. Security risk and issues of uploading binary plugins.
First of all, thanks for working on this, secondly, I have some
suggestions on how we could work this out and create a secure way of
handling the plugins for the users!

1) SSL
it would be nice to have the update website only accessible over SSL
with HSTS/CSP/X-Frame headers and pin the certificate in Pidgin. This
would make it _very_  hard for attackers to insert malicious plugins
while the user is downloading the plugin.

2) Gitian
Bitcoin gets compiled with a program called Gitian[1]:

I quote:
"Gitian is a secure source-control oriented software distribution
method. This means you can download trusted binaries that are verified
by multiple builders.

Gitian uses a deterministic build process to allow multiple builders to
create identical binaries. This allows multiple parties to sign the
resulting binaries, guaranteeing that the binaries and tool chain were
not tampered with and that the same source was used. It remove the build
and distribution process as a single point of failure."


It would be nice if the source code could be uploaded by the plugin
authors and then compiled on a Pidgin build-farm which consists of
several small vps systems and which then gets signed and the results
uploaded to the plugin website, if all matches, it would be safe to
assume the binary is safe.

3) Update framework

Has Pidgin considered using an update framework? How is the user going
to be securely notified about a version bump or security issues? Tor has
been working on TUF[2] which might be worth looking into.

[2] https://www.updateframework.com/

All the best,


- -- 
Give a man a fish and you feed him for a day; teach a man to fish and
you feed him for life.

Version: GnuPG v1.4.10 (GNU/Linux)


More information about the Devel mailing list