lesley,
@lesley@mastodon.gamedev.place avatar

Random #pldev and #packagemanager idea: In the build system, developers should explicitly grant permission for packages to execute risky tasks like accessing the filesystem or network. This includes all transitive dependencies. By doing so, any suspicious behavior introduced by updates to dependencies or their dependencies would be apparent.

I am certainly a noob in this area and am not certain whether this can be an effective strategy to mitigate #supplychainattack.

chandlerc,
@chandlerc@hachyderm.io avatar

@lesley Absolutely.

I think some of this is starting to materialize nicely with systems like Go's dependencies page and OpenSSF Scorecard: https://github.com/ossf/scorecard
Example: https://deps.dev/go/google.golang.org%2Fgrpc

Definitely would like to see this taken incrementally further as you describe. Not just granting permissions individually, but basically a constraint / capability system -- each dep says what capabilities it requires (or reserves the right to require in future) and constrains its deps to a subset.
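
The constraint/capability scheme sketched above, as an added toy model rather than code from anyone in this thread or from any real package manager: each package declares the capabilities it and its whole subtree may use, every dependency must stay within its dependant's declaration, and the developer's explicit grant in the build file caps the root, so the cap propagates down each transitive edge. Package names, capability strings and the "compromised update" are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    name: str
    uses: frozenset        # capabilities the package's own code exercises
    declares: frozenset    # capabilities it (and its whole subtree) may use
    deps: tuple = ()       # names of direct dependencies


def check(packages, root, granted):
    """Walk the dependency graph from `root` and return violation messages.

    `granted` is the capability set the developer wrote into the build file.
    Rules: a package may only use what it declares, and a dependency may only
    declare a subset of what its dependant declares; the root's declaration is
    capped at `granted`, so nothing anywhere in the tree can exceed that grant.
    """
    violations = []

    def visit(name, budget, path):
        pkg = packages[name]
        chain = " -> ".join(path)
        if not pkg.declares <= budget:
            violations.append(f"{chain}: declares {sorted(pkg.declares - budget)} beyond {sorted(budget)}")
        if not pkg.uses <= pkg.declares:
            violations.append(f"{chain}: uses {sorted(pkg.uses - pkg.declares)} without declaring it")
        for dep in pkg.deps:
            if dep not in path:                      # simple cycle guard
                visit(dep, pkg.declares & budget, path + (dep,))

    visit(root, frozenset(granted), (root,))
    return violations


def demo(left_pad_uses):
    """Constructed graph: app -> yaml-parse -> left-pad, and app -> left-pad.

    `left_pad_uses` models what a new release of the leaf package does; the
    honest release uses nothing, a suspicious update might reach for the network.
    """
    caps = lambda *c: frozenset(c)
    packages = {
        "app":        Package("app", caps("fs:read"), caps("fs:read"), ("yaml-parse", "left-pad")),
        "yaml-parse": Package("yaml-parse", caps("fs:read"), caps("fs:read"), ("left-pad",)),
        "left-pad":   Package("left-pad", caps(*left_pad_uses), caps()),   # declares nothing
    }
    return check(packages, "app", {"fs:read"})
```

Because the leaf is reached by two paths, a misbehaving update is reported once per path, which is the same "one demand per edge" volume Di4na warns about below.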

Di4na,
@Di4na@hachyderm.io avatar

@lesley it is complicated.

The only way to get that would be to bake it at the language level. It is doable (check "capabilities" as a Shibboleth) but there are multiple problems.

  1. You would be overwhelmed. Thousands and thousands of demands for every build
  2. In practice, sandboxing has proven more effective, this is what Nix and Guix are working on (and reproducible builds)
  3. Imagine that you would probably want this for bash scripts, not only build systems ;)

Di4na,
@Di4na@hachyderm.io avatar

@lesley that said, if you want to work on this and a bit more, I have a dormant PL project from last year I would love to inject enthusiasm and energy into again. Not being alone helps. And no knowledge necessary.

Trying to recruit you, see :D (I couldn't join pltea this week for real life reasons :( )

lesley,
@lesley@mastodon.gamedev.place avatar

@Di4na Ah. I have too much stuff on my plate currently 😅. And coincidentally, I also have a dormant PL project from last year.

Di4na,
@Di4na@hachyderm.io avatar

@lesley shock and surprises!!! ;)
