opam

2017-09-16 18:24:39 -04:00 · 2017-09-16 18:24:39 -04:00 · 86930814e0
commit 86930814e0
parent 823c7c9967
1 changed files with 12 additions and 4 deletions
--- a/16
+++ b/16
@ -107,10 +107,18 @@ security breaches are contained to the information the unikernel contains.

 ### Secure updates

-If an OCaml library introduces security flaws or information leakage, all
-unikernels depending on that library need to be updated.  Updating an OCaml
-library can safely be done via its package manager opam, which uses signed
-repositories.
+If a security flaw is found in a library, and the library gets a security update, 
+all unikernels depending on this library need to be updated as well.
+This can be done with the OCaml package manager. 
+It resolves dependencies and lets authors sign their releases, 
+so there is no need for a central package repository server.
+
+These servers are known targets for attackers.  
+Various servers hosting open source software have been breached, amongst them
+are [Linux kernel](https://lwn.net/Articles/57135/), [FreeBSD
+infrastructure](https://www.freebsd.org/news/2012-compromise.html),
+[Debian](https://www.debian.org/News/2003/20031202),
+[php](http://php.net/archive/2013.php#id2013-10-24-2). 

 TODO: For example ..