[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Ted Zlatanov |
|
Subject: |
Re: ELPA security |
|
Date: |
Tue, 08 Jan 2013 13:37:53 -0500 |
|
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) |
On Tue, 08 Jan 2013 18:59:02 +0100 Achim Gratz <address@hidden> wrote:
AG> Stefan Monnier writes:
>> Actually, I see a problem with this scheme, now that we also keep around
>> older versions of the packages. So maybe it's better to keep the
>> signatures in a separate file, next to the signed file (e.g. have foo.tar
>> and foo.tar.gpgsig).
AG> Then maybe the file listed in the package vector should be the *.gpgsig
AG> one, since otherwise it becomes easy to bypass the check by filtering
AG> out any traces of the signature file.
Excellent point!
Ted
- Re: ELPA security, (continued)
- Re: ELPA security, Stefan Monnier, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Achim Gratz, 2013/01/08
- Re: ELPA security,
Ted Zlatanov <=
- Re: ELPA security, Stefan Monnier, 2013/01/08