ruimarinho / bitcoin-core

A modern Bitcoin Core REST and RPC client.

SECURITY: Repo is vulnerable to supply-chain attack #124

Open thorchain-admin opened 3 years ago

thorchain-admin commented 3 years ago

Context

An audit by a third-party security firm on our (separate) codebase highlighted in particular that this repo is vulnerable to a supply-chain attack, in particular because it is owned by an individual and not an organisation with layered access. A recent rise in the number of supply-chain attacks has given us pause to consider this seriously.

The particular attack path is to release an update into this repository with underhanded code (or other) such that an eclipse attack on services running this image can be pulled off. Projects such as thorchain are vulnerable to eclipse attacks and there could be significant funds at risk to motivate an attacker.

Addressing the issue

In lieu of any changes to address this by the authors of this repo, we elected to copy and move this into our own repository, where the project has better layered access and better controls/visibility.

Suggestions

The authors of this repo can alleviate the concerns by moving the repository to a public organisation instead; there are multiple benefits to doing this, not just security ones.

This issue can be closed if the authors disagree, though we raise it in good faith.