[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security in the emacs package ecosystem
From: |
Richard Stallman |
Subject: |
Re: Security in the emacs package ecosystem |
Date: |
Tue, 14 Mar 2023 00:00:00 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> The Emacs manual only mentions, that package archives can be
> signed and that "Package archives should provide instructions on
> how you can obtain their public key." (emacs, 48.3 Package
> Installation)
> There are no such instructions on https://elpa.gnu.org nor is
> there any information on security.
We need to provide information about these topics, as well as
everything else we expect ELPA package maintainers to do, and
whatever we want them to agree to.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)