[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA security

From: Bastien
Subject: Re: ELPA security
Date: Sat, 22 Dec 2012 14:03:32 +0100
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

"Stephen J. Turnbull" <address@hidden> writes:

> Xue Fuqiao writes:
>  > On Sat, 22 Dec 2012 06:07:19 +0100
>  > Bastien <address@hidden> wrote:
>  > 
>  > > What about simply distributing, within GNU Emacs the
>  > > list of md5 hashes of valid(ated) packages?
> Doesn't solve any problems that I can see.  You'll still need to
> distribute the hashes for newly added or updated packages somehow.
> People aren't going to reinstall Emacs just because of a package
> update they might like to try, and even if they would, the burden on
> the maintainers would be substantial.

Well, if Emacs distributes the hashes and have a notion of certified
package for some of the GNU ELPA packages, that's already a progress.

I'm not expert, so I can't think of a better progress.  Hopefully
someone will come up with a better solution.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]