Insecure updates are the rule, not the exception
The Update Framework
As with most things in open source, you don't have to reinvent the wheel. The Update Framework (TUF)  is available under an open source license (but not one I recognize) and is written mostly in Python, so it's pretty understandable. Even better is that all the above security issues have been taken into account for the system design and implementation. It even addresses possible problems like key compromise.
One basic thing to keep in mind about security, especially for software updates, is that you need to make your system as secure as you can, but you also need to make it possible to return to a known good state (i.e., you have removed all the compromised packages and so on from your update infrastructure).
TUF places all of the heavy lifting on the server and end client. Thus, the intermediary mirror systems don't even need to know about it, which in turn makes deployment possible (trying to get a major mirror site to install some software so they can securely serve updates is a battle you will lose). Unfortunately, TUF isn't perfect – the only client is written in Python, so integrating it with non-Python software or on systems that don't natively support Python (e.g., Windows) will be difficult, to say the least. For more information, an excellent lightning talk is available on YouTube  that covers all the basics of TUF using PyPI.
You can certainly use TUF to secure updates, but, unfortunately, deploying TUF is nontrivial. You're going to need at least two servers (in case one fails) and some keys that will require management. That means it's probably not going to be used; in fact, I'm not aware of any software that uses TUF for updates. So, unless people start demanding that organizations and vendors, like WordPress, Drupal, Joomla, RubyGems, PyPI, Hackage, CPAN, and so on, start providing secure updates for all the code they make available, it isn't going to happen.
Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He often wonders how it is that technology works on a large scale but often fails on a small scale.
- HTP Zine 5: http://straylig.ht/zines/HTP5/0x02_Linode.txt
- Social Media Widget remote file inclusion: http://seclists.org/oss-sec/2013/q2/83
- OpenPGP Card: http://en.wikipedia.org/wiki/OpenPGP_card
- Kernel Concepts Security/Smartcards: http://shop.kernelconcepts.de/index.php?cPath=1_26
- The Update Framework: https://www.updateframework.com/
- TUF lightning talk: https://www.youtube.com/watch?v=2sx1lS6cT3g
Buy this article as PDF
New release targets Linux professionals.
The Fedora project adds Wayland and Gnome 3.22
CeBIT 2017: Open Source Forum Call for Papers
Long-time Linux antagonist joins the revolution.
Major bug affects Debian/Ubuntu distributions.
Canonical releases the minimal edition for embedded devices, Internet of Things, and cloud deployments.
The new release features improvements across the board, from performance to security.
Two out of three of the new members are women.
More than 5,000 people attended the event.
Linux Magazine will include the best of both magazines.