×
all 38 comments
sorted by:
best
topnewcontroversialoldq&a

[–]dominikwilkowski 44 points45 points  (0 children)

Excellent changes. Great work.

[–]MoorderVolt 53 points54 points  (9 children)

I really hope they can continue to support things other than GitHub. There’s plenty of history there not to become complacent with a monopoly.

[–]DHermit 61 points62 points  (6 children)

Have you read the article?

While Trusted Publishing is currently limited to GitHub Actions, we have built it in a way that allows other CI/CD providers like GitLab CI to be supported in the future.

That very much sounds like it's planned. And it totally makes sense to focus on one first and GitHub just has the bigger marketshare.

[–]MoorderVolt 30 points31 points  (1 child)

Not well enough apparently. Whoops.

[–]DHermit 15 points16 points  (0 children)

Happens 🤷‍♀️

[–]ghishadow 1 point2 points  (1 child)

github no support for ipv6 only system sucks due to high pricing of ipv4

[–]Jmc_da_boss 2 points3 points  (0 children)

It can also lead to some very weird errors lol

[–]Shnatsel 8 points9 points  (5 children)

Do OpenGraph images have to be PNG? You are going to get better encoding times and higher compression ratios using lossless WebP. For example, the bon.png from the article is 56kB in PNG and 43kB in lossless WebP.

On the flip side, WebP is the only major image format without a good encoder written in Rust (the one in image only implements light compression), so you'd have to use bindings to libwebp or a standalone binary like cwebp to create those images.

Edit: Hmm, this post I found says LinkedIn doesn't support WebP. I can't tell how recent the article is though.

[–]obetu5432 -2 points-1 points  (4 children)

fuck that google backdoor

[–]Shnatsel 10 points11 points  (2 children)

There's now an independent, fully memory-safe implementation of WebP decoding in Rust. So no more backdoor!

Frankly I am far more concerned about AVIF and especially JPEG XL than I am about WebP from the security standpoint.

[–]AugustusLego 0 points1 point  (1 child)

Why so?

[–]Shnatsel 6 points7 points  (0 children)

libjxl, the official implementation of JPEG XL, is 100k+ lines of parallel C++ that is a completely lost cause from the security perspective. It was not written with security in mind and it's going to be nearly impossible to retrofit it. There's a memory-safe implementation in Rust, jxl-oxide, but it is significantly slower than the C++ version, so much so that e.g. GNOME chose to use libjxl for performance reasons even though they're now using Rust implementations for pretty much everything else.

The good news is that Mozilla put their foot down and said they're not shipping libjxl in Firefox because of its immense attack surface, so the JPEG XL team is now working on a different Rust implementation that could potentially ship in Firefox. We'll see what comes of it and how much unsafe will it end up having.

As for AVIF, the closest thing we have to a memory-safe decoder is rav1d, which is a port of the dav1d decoder from C. It inherits the architecture of the C implementation and requires quite a lot of unsafe code.

That isn't to say that safe Rust cannot outperform C here. For example, the fastest PNG decoder in the world is written in Rust with zero unsafe blocks. But it will take a lot of effort to get there, and the much higher complexity of these recent codecs compared to something like PNG or even WebP doesn't make it any easier.

[–]whatDoesQezDo 8 points9 points  (0 children)

how can a standard be a backdoor?

[–]MichiRecRoom 3 points4 points  (3 children)

So, I'm wondering a bit about the security of Trusted Publishing. I do see the graph within the auth action's readme, and that helps me understand the process quite a bit.

However, since it's not explicitly listed in that diagram, I want to ask: Does crates.io verify the passed token with Github before returning a temporary token to the workflow? EDIT: I've looked into the relevant crates.io code, and I feel confident that the code is handling this process in a competent and secure manner.

Additionally, are these temporary tokens automatically deleted after a while, in cases where the workflow didn't delete them themselves? EDIT: It seems so - when creating the token, crates.io sets an expiry time of 30 minutes in the future, and a background job occasionally deletes expired tokens.

(P.S. For anyone reading and wondering the same things - please don't take my findings as proof of its security. I'm not a security expert by any means, and should not be trusted to give you correct information. Plus, I only performed a basic dive into the code. Please do your own research.)

[–]VorpalWay 1 point2 points  (2 children)

Not an expert in this field, but JWTs are signed. Presumably they could verify that the signature is correct?

[–]MichiRecRoom 0 points1 point  (0 children)

For what it's worth, that's what I thought too - however, I'd need to reread over how JWTs work to be sure.

In any case, I'm currently checking the relevant crates.io code, to see if it lines up with what I expect. So far it seems promising? But as with all things security, I'm not holding my breath.

[–]Veetahabon 2 points3 points  (10 children)

I imagine crates, that use trusted publishing could have a separate green checkmark to advertise that they have better publishing security and promote the usage of OIDC

[–]ctz99rustls 4 points5 points  (5 children)

Probably GitHub needs to do the necessary person-decades of work to make GitHub actions have a security posture matching this kind of assertion.

[–]Veetahabon 0 points1 point  (4 children)

What work do you mean, specifically?

[–]ctz99rustls 4 points5 points  (3 children)

I wrote a blog on this a couple of months back: https://jbp.io/2025/05/02/github-actions-is-someone-elses-computer.html

If you want an illustration of how profoundly unserious github is about GHA security, just observe that https://github.com/zizmorcore/zizmor did not come out of github, and thus far remains unsupported by them. The things it lints for (https://docs.zizmor.sh/audits/) are bad defaults or bad architectural decisions made by github.

[–]Veetahabon 1 point2 points  (2 children)

I agree, GHA's design sucks. Btw. the first article says this:

GHA in this model cannot keep secrets, and nor should it ever be given OIDC id-token: write permissions

but then zizmor promotes the usage of trusted publishing instead:

This "tokenless" flow has significant security benefits over a traditional manually configured API token, and should be preferred wherever supported and possible.

So what do?

[–]yossarian_flew_away 1 point2 points  (0 children)

So what do?

I think it's a balancing act: it's a matter of fact that people will trust CI/CD providers with security-sensitive operations, so we should do everything in our power to secure those operations. It's also the case that CI/CD platforms do offer security features that on-desktop publishing can't, namely a strong machine identity (via OIDC). This of course doesn't excuse GHA's suboptimal default security posture :-)

(I'm both the author of zizmor and one of the people who designed Trusted Publishing for PyPI, which is what crates.io's design was inspired by.)

[–]ctz99rustls 0 points1 point  (0 children)

zizmor is promoting trusted publishing as an alternative to manual long-term secret management (it is genuinely is a big improvement on that). That is a bit different to saying "let's build a monoculture of automated package publishing on a platform that we suspect is indefensible"

[–]epagecargo · clap · cargo-release 0 points1 point  (3 children)

When I talked to the trusted publishing folks, the impression I have is that the name is a misnomer, implying it is the trusted way to publish. In reality, this is specifically meant for increasing security specifically when publishing within automated systems, being more trusted than storing a token in the github environment that your action runs in.

On top of that, the process for publishing from Actions needs to mature a lot more. There is release-plz and it has resolved a lot of the shortcomings I identified when I last looked at it but there are still issues in controlling what gets published, package versions, and changelogs. Managing a local release takes seconds for me that would require several back and forths with Github if I were to use release-plz.

[–]Veetahabon 0 points1 point  (0 children)

Yeah, I know it's controversial and probably won't come true for this reason. I think it would be okay to have that checkmark if there was a way to 100% guarantee that the release (at least just cargo publish - not the entire git tagging/branching, changelog, version bumps process) was done on CI where one can see the CI logs, the commit hashes in all transparency and indefinitely. Today, OIDC gives the guarantee of running from a particular workflow on CI, but the github CI history is not permanent unfortunately

[–]yossarian_flew_away 1 point2 points  (1 child)

We named it "Trusted Publishing" on PyPI because the principal actor is the "publisher" (i.e. a GitHub Actions workflow), and it's being "trusted" via an identity verified through an OIDC credential exchange.

There's been a lot of very fair criticism of the name, but hopefully people don't think there's an implication that it's the only trusted way to publish. The "trusted" refers to the trust action placed in a workflow, which is implicit by default with a manually created token and explicit (and self-expiring) when done via OIDC.

[–]epagecargo · clap · cargo-release 0 points1 point  (0 children)

You are saying that in a sub-thread where someone proposed that packages published through this get an exclusive green checkmark.

iirc when I first saw the proposal for Rust, I thought this was meant to be more trusted than all other forms and that there would be carrots or sticks to get people to adopt it.

Another sub-thread where someone is taking issue with the name implying other forms of publishing aren't trusted.

The name is misleading and I don't look forward to dealing with more misunderstandings over it for at least the next year as both a Cargo team memper and as the maintainer of one of the publish/release tools within Rust.

[–]ghishadow 0 points1 point  (0 children)

I hope Blachsmith add support for their ci/cd

[–]colingwalters 0 points1 point  (1 child)

This is great! Since here we're binding crates.io to a git repo provider, I think a nice next step to take here would support in crates.io to double check the submitted crate tar vs the git repository and ensure they're "in sync" (to start probably that all files present match the git revision, and no files are present in the crate that are not in git or so). Then there'd be a "source sync verified" badge on the crate version, the version page on crates.io could link to the commit etc.

[–]epagecargo · clap · cargo-release 0 points1 point  (0 children)

That can be done indepedent of this. A prototype even exists. I know there were at least UX concerns over it (a mismatch isn't necesarrily bad, just calls out another thing worth auditing).

[–]Erdnussknacker -3 points-2 points  (2 children)

GitHub only, just like crates.io accounts in general... That's quite disappointing. Is there any timeline for when non-Microsoft platforms like GitLab will be supported?