[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] package.el: check tarball signature
From: |
Ted Zlatanov |
Subject: |
Re: [PATCH] package.el: check tarball signature |
Date: |
Thu, 03 Oct 2013 10:19:34 -0400 |
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Thu, 03 Oct 2013 16:18:46 +0900 Daiki Ueno <address@hidden> wrote:
DU> Ted Zlatanov <address@hidden> writes:
>> This looks terrific, but please make signing an option per archive, not
>> per package or global. The GNU ELPA will be signed; others may not.
DU> Ported package-unsigned-archives from your patch. Also, added a check
DU> of archive-contents signature. Thanks for the suggestions.
Wonderful. Needs documentation, though... especially the new defcustoms.
Just one code comment:
+(defcustom package-check-signature 'allow-unsigned
+ "Whether to check package signatures when installing."
+ :type '(choice (const nil :tag "Never")
+ (const allow-unsigned :tag "Allow unsigned")
+ (const t :tag "Check always"))
+ :risky t
+ :group 'package
+ :version "24.1")
IMHO this should be per archive, not global. WDYT?
The tests look great, too.
Ted
- Re: [PATCH] package.el: check tarball signature, Daiki Ueno, 2013/10/02
- Re: [PATCH] package.el: check tarball signature, Thien-Thi Nguyen, 2013/10/02
- Re: [PATCH] package.el: check tarball signature, Stefan Monnier, 2013/10/02
- Re: [PATCH] package.el: check tarball signature, Daiki Ueno, 2013/10/03
- Re: [PATCH] package.el: check tarball signature, Stefan Monnier, 2013/10/04
- Re: [PATCH] package.el: check tarball signature, Eli Zaretskii, 2013/10/04
- Re: [PATCH] package.el: check tarball signature, Ted Zlatanov, 2013/10/04
- Re: [PATCH] package.el: check tarball signature, Daiki Ueno, 2013/10/04
- Re: [PATCH] package.el: check tarball signature, Stephen J. Turnbull, 2013/10/05
- Re: [PATCH] package.el: check tarball signature, Ted Zlatanov, 2013/10/05
- Re: [PATCH] package.el: check tarball signature, Stephen J. Turnbull, 2013/10/05
- Re: [PATCH] package.el: check tarball signature, Ted Zlatanov, 2013/10/05