[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] package.el: check tarball signature

From: Ted Zlatanov
Subject: Re: [PATCH] package.el: check tarball signature
Date: Thu, 03 Oct 2013 10:19:34 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Thu, 03 Oct 2013 16:18:46 +0900 Daiki Ueno <address@hidden> wrote: 

DU> Ted Zlatanov <address@hidden> writes:

>> This looks terrific, but please make signing an option per archive, not
>> per package or global.  The GNU ELPA will be signed; others may not.

DU> Ported package-unsigned-archives from your patch.  Also, added a check
DU> of archive-contents signature.  Thanks for the suggestions.

Wonderful.  Needs documentation, though... especially the new defcustoms.

Just one code comment:

+(defcustom package-check-signature 'allow-unsigned
+  "Whether to check package signatures when installing."
+  :type '(choice (const nil :tag "Never")
+                (const allow-unsigned :tag "Allow unsigned")
+                (const t :tag "Check always"))
+  :risky t
+  :group 'package
+  :version "24.1")

IMHO this should be per archive, not global.  WDYT?

The tests look great, too.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]