[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Stefan Monnier |
|
Subject: |
Re: ELPA security |
|
Date: |
Mon, 17 Jun 2013 10:34:37 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
>> And maybe automatically eliminate an archive from that "not signed"
>> list if we ever find a signature in it.
> If this is about security rather than adding to your BrightShinyThings
> collection, you should have a signed-and-verified-and-checked-for-
> expired-or-revoked-on-$DATE list, and eliminate any packages from the
> list if they fail any of the hyphenated conditions.
We're really far from that. The config under discussion is one that
indicates whether it's normal that the archive (the whole archive, not
a specific package) doesn't have signatures.
Stefan
- Re: ELPA security, Ted Zlatanov, 2013/06/16
- Re: ELPA security, Ted Zlatanov, 2013/06/17
- Re: ELPA security, Ted Zlatanov, 2013/06/19
- Re: ELPA security, Stefan Monnier, 2013/06/19
- Re: ELPA security, Ted Zlatanov, 2013/06/23
- Re: ELPA security, Stefan Monnier, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28
- Re: ELPA security, Nic Ferrier, 2013/06/28
- Re: ELPA security, Stefan Monnier, 2013/06/28
- Re: ELPA security, Daiki Ueno, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28