emacs-devel

Re: ELPA security


From: Stefan Monnier
Subject: Re: ELPA security
Date: Tue, 08 Jan 2013 15:50:42 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

> 1) sign `archive-contents' in the cron job when it's generated into
> `archive-contents.gpgsig' with the GNU ELPA maintainer key.

Not sure this needs to be signed.  But if you want to do it, that's fine.

> 3.1) If GPG is not available and the ELPA archive is to be verified, we
> prompt the user to override it once or abort.  They won't be allowed to
> override it permanently from the prompt--they have to `M-x
> customize-variable' to do it.  The prompt will be scary.

I don't see a strong need to be scary here.  Just ask the user something
like "Can't verify package signature; continue? (y/n)".

> 5) The GNU ELPA maintainer key will be shipped with the Emacs package.el.
> Does all of that sound good?

Pretty much, yes.  I do wonder about key management, tho: the GNU ELPA
key (note: not "maintainer" because the key does not belong to any
human being) will not last for ever.  We don't have to figure out all
the details now, but it would be good to make sure that when the key
needs to be replaced, we can do so without too much trouble.


        Stefan
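
The policy discussed in this message (verify the detached signature on `archive-contents`, and ask a plain one-time question when GPG is unavailable) could look like the sketch below. This is an added example, not code from package.el or from anyone in the thread; every `demo-elpa-` name and the keyring location are assumptions, and it needs Emacs 25 or later.

```elisp
;;; Added example; all `demo-elpa-' names are hypothetical.
(require 'epg)
(require 'cl-lib)

(defcustom demo-elpa-allow-unverified nil
  "Non-nil means use archives whose signature cannot be checked.
Meant to be set only through Customize, never from the prompt (point 3.1)."
  :type 'boolean
  :group 'package)

(defvar demo-elpa-keyring-dir
  (expand-file-name "demo-elpa-gnupg" user-emacs-directory)
  "Assumed GnuPG home holding the archive key shipped with Emacs (point 5).")

(defun demo-elpa--good-signature-p (contents-file sig-file)
  "Return non-nil if SIG-FILE is a good detached signature of CONTENTS-FILE."
  (let ((context (epg-make-context 'OpenPGP)))
    ;; Trust only the dedicated keyring, not the user's personal one.
    (setf (epg-context-home-directory context) demo-elpa-keyring-dir)
    (condition-case nil
        (progn
          (epg-verify-file context sig-file contents-file)
          (let ((sigs (epg-context-result-for context 'verify)))
            ;; Require at least one signature, and every one must be good.
            (and sigs
                 (cl-every (lambda (sig)
                             (eq (epg-signature-status sig) 'good))
                           sigs))))
      (error nil))))

(defun demo-elpa-check-archive (contents-file sig-file)
  "Return non-nil if CONTENTS-FILE may be used.
SIG-FILE is its detached signature, e.g. archive-contents.gpgsig."
  (cond
   ((not (executable-find epg-gpg-program))
    ;; GPG missing: honour the Customize setting, else ask once.
    (or demo-elpa-allow-unverified
        (y-or-n-p "Can't verify package signature; continue? ")))
   ((demo-elpa--good-signature-p contents-file sig-file) t)
   ;; Assumption of this sketch: a failed check is never overridable.
   (t (error "Bad or missing signature on %s" contents-file))))
```

Keeping the archive key in its own keyring directory means a replacement key can be installed there without touching the user's personal GnuPG home.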


