[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#61277: FR: ELPA security - Restrict package builds to signed git com
From: |
Richard Stallman |
Subject: |
bug#61277: FR: ELPA security - Restrict package builds to signed git commits |
Date: |
Wed, 15 Feb 2023 00:17:21 -0500 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> There could also be a breach on the server where the git repository is
> hosted. The repository could be manipulated directly on the server. It
> is not that likely but if such incidents happen they have a huge
> fallout. I also expect that more and more people move their
> :auto-sync'ed git repositories to private servers or smaller forges,
> which may not be as protected as the most popular ones.
Do we know of any security experts who appeciate the moral principles
of free software, who could help us come up with methods that properly
handle both?
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, (continued)
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Eli Zaretskii, 2023/02/07
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Stefan Kangas, 2023/02/12
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Richard Stallman, 2023/02/15
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Stefan Kangas, 2023/02/15
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Stefan Monnier, 2023/02/15
- bug#61277: FR: ELPA security - Restrict package builds to signed git commits, Richard Stallman, 2023/02/25