[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Stephen J. Turnbull |
Subject: |
Re: ELPA security |
Date: |
Sat, 22 Dec 2012 21:34:06 +0900 |
Xue Fuqiao writes:
> On Sat, 22 Dec 2012 06:07:19 +0100
> Bastien <address@hidden> wrote:
>
> > What about simply distributing, within GNU Emacs the
> > list of md5 hashes of valid(ated) packages?
Doesn't solve any problems that I can see. You'll still need to
distribute the hashes for newly added or updated packages somehow.
People aren't going to reinstall Emacs just because of a package
update they might like to try, and even if they would, the burden on
the maintainers would be substantial.
> It's quite easy and straightforward. And maybe functions like
> SHA-3 or MD6 are even better.
Get advice from someone who knows what they're talking about (which
isn't me, but I do know how much I don't know ;-). As far as I can
tell, MD5 is clearly out of the question any more for security
purposes. A hash believed secure for the foreseeable future is not a
huge computational burden in this application. The only real question
is whether it's installed on the users' systems or not.
- ELPA security, George Kadianakis, 2012/12/09
- Re: ELPA security, Nic Ferrier, 2012/12/09
- Re: ELPA security, Ted Zlatanov, 2012/12/21
- Re: ELPA security, Xue Fuqiao, 2012/12/21
- Re: ELPA security, Bastien, 2012/12/22
- Re: ELPA security, Xue Fuqiao, 2012/12/22
- Re: ELPA security,
Stephen J. Turnbull <=
- Re: ELPA security, Bastien, 2012/12/22
- Re: ELPA security, Bastien, 2012/12/22
- package.el + DVCS for security and convenience (was: ELPA security), Ted Zlatanov, 2012/12/22
- Re: package.el + DVCS for security and convenience, Nic Ferrier, 2012/12/24
- Re: package.el + DVCS for security and convenience, Bastien, 2012/12/24
- Re: package.el + DVCS for security and convenience, Ted Zlatanov, 2012/12/24
- Re: package.el + DVCS for security and convenience, Xue Fuqiao, 2012/12/24
- Re: package.el + DVCS for security and convenience, Stefan Monnier, 2012/12/24
- Re: package.el + DVCS for security and convenience, Ted Zlatanov, 2012/12/24
- Re: package.el + DVCS for security and convenience, Stephen J. Turnbull, 2012/12/24