[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Stefan Monnier |
|
Subject: |
Re: ELPA security |
|
Date: |
Tue, 08 Jan 2013 12:00:26 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
> OK, so the package vector will have a new element. Releasing a package
> will require releasing a new `archive-contents' with an updated
> signature for that package and re-signing it with the "GNU ELPA"
> maintainer key.
Actually, I see a problem with this scheme, now that we also keep around
older versions of the packages. So maybe it's better to keep the
signatures in a separate file, next to the signed file (e.g. have foo.tar
and foo.tar.gpgsig).
Stefan
- Re: ELPA security, (continued)
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stefan Monnier, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security,
Stefan Monnier <=
- Re: ELPA security, Achim Gratz, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08