[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Achim Gratz |
|
Subject: |
Re: ELPA security |
|
Date: |
Tue, 08 Jan 2013 18:59:02 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.2.91 (gnu/linux) |
Stefan Monnier writes:
> Actually, I see a problem with this scheme, now that we also keep around
> older versions of the packages. So maybe it's better to keep the
> signatures in a separate file, next to the signed file (e.g. have foo.tar
> and foo.tar.gpgsig).
Then maybe the file listed in the package vector should be the *.gpgsig
one, since otherwise it becomes easy to bypass the check by filtering
out any traces of the signature file.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs
- Re: ELPA security, (continued)
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stefan Monnier, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security,
Achim Gratz <=
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08