[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Stefan Monnier |
Subject: |
Re: ELPA security |
Date: |
Fri, 28 Jun 2013 18:49:15 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
> Sorry, I've been careless with the terminology.
Oh, OK, then I understand, thanks.
> This would let the user or site admin easily install or remove ELPA
> archives without modifying Emacs Lisp code. `package-archives' would
> remain, but only as a way to specify unsigned archives.
I'd prefer to keep using Elisp for customization, and to handle the keys
in a more automated way.
> I'd rather go with the `etc/elpa/A' scheme above. Can you please
> consider it?
I really want it to be as seamless as possible for the user, so the user
should not have to setup any key infrastructure herself.
SM> ".gpgsig" is fine, as is ".sig". Are you talking about the packages's
SM> signatures, or about some ~/.emacs.d/elpa/archive/key.gpgsig?
> P.gpgsig for every file P.
As far as possible, I'd recommend to stick with "*ring.gpg" for the
keyrings, but if it's not possible, it's OK. Also this should be mostly
transparent to the user since she shouldn't have to manage those files
by hand, so the name isn't that important.
Stefan
Re: ELPA security, Ted Zlatanov, 2013/06/17
- Re: ELPA security, Ted Zlatanov, 2013/06/19
- Re: ELPA security, Stefan Monnier, 2013/06/19
- Re: ELPA security, Ted Zlatanov, 2013/06/23
- Re: ELPA security, Stefan Monnier, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28
- Re: ELPA security, Nic Ferrier, 2013/06/28
- Re: ELPA security,
Stefan Monnier <=
Re: ELPA security, Daiki Ueno, 2013/06/23
Re: ELPA security, Ted Zlatanov, 2013/06/28
Re: ELPA security, Daiki Ueno, 2013/06/28