Re: ELPA security

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA security

From:	Stephen J. Turnbull
Subject:	Re: ELPA security
Date:	Tue, 18 Jun 2013 00:54:32 +0900

Ted Zlatanov writes:

 > I'd rather not build a certificate infrastructure ourselves.

I have no problem with that.

 > CRLs are especially tricky.  Trusting a maintainer signature at the
 > archive level and verifying it for each package when it's
 > downloaded seems like a good compromise for Emacs.

Then there's no need for a signed or unsigned list.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ELPA security, Ted Zlatanov, 2013/06/16
- Re: ELPA security, Stefan Monnier, 2013/06/16
  - Re: ELPA security, Stephen J. Turnbull, 2013/06/16
    - Re: ELPA security, Ted Zlatanov, 2013/06/17
    - Re: ELPA security, Stephen J. Turnbull <=
    - Re: ELPA security, Ted Zlatanov, 2013/06/28
    - Re: ELPA security, Stefan Monnier, 2013/06/17
  - Re: ELPA security, Ted Zlatanov, 2013/06/17
    - Re: ELPA security, Ted Zlatanov, 2013/06/19
    - Re: ELPA security, Stefan Monnier, 2013/06/19
    - Re: ELPA security, Ted Zlatanov, 2013/06/23
    - Re: ELPA security, Stefan Monnier, 2013/06/23
    - Re: ELPA security, Ted Zlatanov, 2013/06/28
    - Re: ELPA security, Nic Ferrier, 2013/06/28
    - Re: ELPA security, Stefan Monnier, 2013/06/28

Prev by Date: Re: at risk
Next by Date: Re: Interface of prog-prettification
Previous by thread: Re: ELPA security
Next by thread: Re: ELPA security
Index(es):
- Date
- Thread