opam
This commit is contained in:
linse
parent
823c7c9967
commit
86930814e0
1 changed files with 12 additions and 4 deletions
16
Technology
16
Technology
|
|
@ -107,10 +107,18 @@ security breaches are contained to the information the unikernel contains.
|
||||||
|
|
||||||
### Secure updates
|
### Secure updates
|
||||||
|
|
||||||
If an OCaml library introduces security flaws or information leakage, all
|
If a security flaw is found in a library, and the library gets a security update,
|
||||||
unikernels depending on that library need to be updated. Updating an OCaml
|
all unikernels depending on this library need to be updated as well.
|
||||||
library can safely be done via its package manager opam, which uses signed
|
This can be done with the OCaml package manager.
|
||||||
repositories.
|
It resolves dependencies and lets authors sign their releases,
|
||||||
|
so there is no need for a central package repository server.
|
||||||
|
|
||||||
|
These servers are known targets for attackers.
|
||||||
|
Various servers hosting open source software have been breached, amongst them
|
||||||
|
are [Linux kernel](https://lwn.net/Articles/57135/), [FreeBSD
|
||||||
|
infrastructure](https://www.freebsd.org/news/2012-compromise.html),
|
||||||
|
[Debian](https://www.debian.org/News/2003/20031202),
|
||||||
|
[php](http://php.net/archive/2013.php#id2013-10-24-2).
|
||||||
|
|
||||||
TODO: For example ..
|
TODO: For example ..
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue