emacs-devel

Re: ELPA security


From: Ted Zlatanov
Subject: Re: ELPA security
Date: Mon, 17 Jun 2013 03:20:41 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (darwin)

On Sun, 16 Jun 2013 19:12:02 -0400 Stefan Monnier <address@hidden> wrote: 

>> * add `package-signed-archives', a list of logical archive names with
>> default '("gnu").  Add `package-archive-signed-p' to check it.

SM> I'd opt for the opposite, i.e. list the archives that aren't signed.

SM> And maybe automatically eliminate an archive from that "not signed"
SM> list if we ever find a signature in it.

How about basing the decision on the existence of
etc/elpa/ARCHIVE-NAME.signed which can then tell us more about the way
the archive is signed without customizing ELisp code?  Like a Yum or APT
repository description you can drop in?  I could use it to automatically
augment `package-archives' if you think that's useful, so it becomes
very manageable for a whole site.

>> If you're OK with the code changes I'll get them working and start
>> implementing `package--verify-signature'.

SM> Go ahead,

OK, thanks for the review.

Ted



