[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security in the emacs package ecosystem
From: |
Eli Zaretskii |
Subject: |
Re: Security in the emacs package ecosystem |
Date: |
Sat, 18 Feb 2023 13:49:35 +0200 |
> From: Ihor Radchenko <yantar92@posteo.net>
> Cc: Husain Alshehhi <husain@alshehhi.io>, emacs-devel@gnu.org
> Date: Sat, 18 Feb 2023 10:57:34 +0000
>
> Stefan Kangas <stefankangas@gmail.com> writes:
>
> > Its current default is `allow-unsigned', however, which is about as
> > useful for security purposes as if it was nil. I think we should
> > consider changing it to t in Emacs 30.
>
> If the default is t, users will be forced to have OpenPGP installed.
Right.
> Maybe the default should be like t, but only when OpenPGP is available.
We could also display a warning, once, when we detect that OpenPGP is
not available and set the value to allow-unsigned. This way the user
is alerted to the problem and can take action to fix it.
- Re: Security in the emacs package ecosystem, Ihor Radchenko, 2023/02/04
- Re: Security in the emacs package ecosystem, Stefan Kangas, 2023/02/04
- Re: Security in the emacs package ecosystem, Ihor Radchenko, 2023/02/17
- Re: Security in the emacs package ecosystem, Ihor Radchenko, 2023/02/17
- Re: Security in the emacs package ecosystem, Stefan Kangas, 2023/02/17
- Re: Security in the emacs package ecosystem, Ihor Radchenko, 2023/02/18
- Re: Security in the emacs package ecosystem,
Eli Zaretskii <=
- Re: Security in the emacs package ecosystem, Richard Stallman, 2023/02/20
- Re: Security in the emacs package ecosystem, Po Lu, 2023/02/20
- Re: Security in the emacs package ecosystem, chad, 2023/02/20
- Making `package-check-signature' more restrictive by default, Stefan Kangas, 2023/02/18