[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: package.el + DVCS for security and convenience

From: Ted Zlatanov
Subject: Re: package.el + DVCS for security and convenience
Date: Mon, 24 Dec 2012 12:46:27 -0500
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Mon, 24 Dec 2012 11:17:28 -0500 Stefan Monnier <address@hidden> wrote: 

>> Maybe `vc-dir' already has code to do this, so package.el can simply
>> ride on top of it.

SM> I'm afraid VC does not have much of that code yet.

It seems not too hard to add it: verifying signed commits/tags uses
orthogonal commands that don't affect the general VC workflow.

If no one else is interested I can add it to my TODO list.  But see below.

SM> An alternative is to only protect the communication between elpa.gnu.org
SM> and the end client: add a "GPG signature" to each entry of the
SM> `archive-contents' file, so they can be checked after the download.

The problem then is how to verify GPG signatures, especially if GnuPG is
not installed.  OTOH verifying signed tags in Git and signed commits in
Bazaar is part of the base packages, so it requires no more than having
them installed.

Still... how does it all work if Bazaar or Git are not installed?  Emacs
could verify GPG signatures directly.  I have looked at the protocol and
it's not terribly difficult, and in fact the GnuTLS integration brought
in most of the ciphers and decoders we would need to verify those
signatures, but then we'd require GnuTLS... argh, the dreaded bootstrap
problem.  Making it work on all platforms is not trivial.  In the core,
I think we only have `sha1' built-in.

I still think public-key cryptography and asymmetric ciphers are the
answer here, but I don't know how much we want to depend on external
tools or libraries for package installations, and how willing we are to
make installations insecure if those tools or libraries are not
available.  So I need the maintainers' wise opinion :)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]