[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Stefan Monnier |
Subject: |
Re: ELPA security |
Date: |
Sun, 16 Jun 2013 19:12:02 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
> * add `package-signed-archives', a list of logical archive names with
> default '("gnu"). Add `package-archive-signed-p' to check it.
I'd opt for the opposite, i.e. list the archives that aren't signed.
And maybe automatically eliminate an archive from that "not signed"
list if we ever find a signature in it.
> If you're OK with the code changes I'll get them working and start
> implementing `package--verify-signature'.
Go ahead,
Stefan