Re: ELPA security

[Stephen J. Turnbull]

Xue Fuqiao writes:
 > On Sat, 22 Dec 2012 06:07:19 +0100
 > Bastien <address@hidden> wrote:
 > 
 > > What about simply distributing, within GNU Emacs the
 > > list of md5 hashes of valid(ated) packages?

Doesn't solve any problems that I can see.  You'll still need to
distribute the hashes for newly added or updated packages somehow.
People aren't going to reinstall Emacs just because of a package
update they might like to try, and even if they would, the burden on
the maintainers would be substantial.

 > It's quite easy and straightforward.  And maybe functions like
 > SHA-3 or MD6 are even better.

Get advice from someone who knows what they're talking about (which
isn't me, but I do know how much I don't know ;-).  As far as I can
tell, MD5 is clearly out of the question any more for security
purposes.  A hash believed secure for the foreseeable future is not a
huge computational burden in this application.  The only real question
is whether it's installed on the users' systems or not.