[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] package.el: check tarball signature

From: Ted Zlatanov
Subject: Re: [PATCH] package.el: check tarball signature
Date: Wed, 02 Oct 2013 07:17:19 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Mon, 30 Sep 2013 18:56:18 -0400 Stefan Monnier <address@hidden> wrote: 

DU> Well, I still don't understand why this is advertised as such a
DU> difficult problem, particularly why package.el would need sign operation
DU> with Emacs.  Am I missing something?
>> Yes, I think so.  Checking package signatures in general was mostly
>> resolved back in June 2013, I simply didn't have time to work on it
>> until just now.

SM> But the feature provided with the simple code of Daiki would already be
SM> very useful.  I know you had similar code working back then.  Why not
SM> install that already?

Daiki Ueno has moved on with his v2 patch and it provides most of the
desired functionality.  It still lacks two things I consider important:
per-archive signing and the verification of any downloaded file in a
signed archive.  Please let us know if you consider them important too
and I'll collaborate with him to implement them.

Meanwhile I've got all the Nettle hash functions and the ECB modes for
the ciphers working, and am making progress on exposing the CBC and CTR
ciphers, exposing RSA and DSA and ECC crypto, and writing ERT tests for
the whole.  I hope to have that work ready for review soon.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]