Re: ELPA security

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA security

From:	Stephen J. Turnbull
Subject:	Re: ELPA security
Date:	Mon, 17 Jun 2013 10:56:28 +0900

Stefan Monnier writes:

 > And maybe automatically eliminate an archive from that "not signed"
 > list if we ever find a signature in it.

If this is about security rather than adding to your BrightShinyThings
collection, you should have a signed-and-verified-and-checked-for-
expired-or-revoked-on-$DATE list, and eliminate any packages from the
list if they fail any of the hyphenated conditions.

And of course you probably want $DATE to change frequently.

And the list should be signed....

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ELPA security, Ted Zlatanov, 2013/06/16
- Re: ELPA security, Stefan Monnier, 2013/06/16
  - Re: ELPA security, Stephen J. Turnbull <=
    - Re: ELPA security, Ted Zlatanov, 2013/06/17
    - Re: ELPA security, Stephen J. Turnbull, 2013/06/17
    - Re: ELPA security, Ted Zlatanov, 2013/06/28
    - Re: ELPA security, Stefan Monnier, 2013/06/17
  - Re: ELPA security, Ted Zlatanov, 2013/06/17
    - Re: ELPA security, Ted Zlatanov, 2013/06/19
    - Re: ELPA security, Stefan Monnier, 2013/06/19
    - Re: ELPA security, Ted Zlatanov, 2013/06/23
    - Re: ELPA security, Stefan Monnier, 2013/06/23
    - Re: ELPA security, Ted Zlatanov, 2013/06/28

Prev by Date: Re: Interface of prog-prettification
Next by Date: Re: Undoing yank-pop
Previous by thread: Re: ELPA security
Next by thread: Re: ELPA security
Index(es):
- Date
- Thread