Re: ELPA security
From: Ted Zlatanov
Subject: Re: ELPA security
Date: Tue, 08 Jan 2013 16:30:52 -0500
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)
On Tue, 08 Jan 2013 15:50:42 -0500 Stefan Monnier <address@hidden> wrote:
>> 1) sign `archive-contents' in the cron job when it's generated into
>> `archive-contents.gpgsig' with the GNU ELPA maintainer key.
SM> Not sure this needs to be signed. But if you want to do it, that's fine.
I guess there's no need, so OK, no signing of `archive-contents'.
>> 3.1) If GPG is not available and the ELPA archive is to be verified, we
>> prompt the user to override it once or abort. They won't be allowed to
>> override it permanently from the prompt--they have to `M-x
>> customize-variable' to do it. The prompt will be scary.
SM> I don't see a strong need to be scary here. Just ask the user something
SM> like "Can't verify package signature; continue? (y/n)".
OK.
>> 5) The GNU ELPA maintainer key will be shipped with the Emacs package.el.
>> Does all of that sound good?
SM> I do wonder about key management, tho: the GNU ELPA key (note: not
SM> "maintainer" because the key does not belong to any human being)
SM> will not last for ever.
I thought the maintainers would have their own keys, and they would sign
a GNU ELPA "signing subkey" that's only used for releasing.
SM> We don't have to figure out all the details now, but it would be
SM> good to make sure that when the key needs to be replaced, we can do
SM> so without too much trouble.
Debian has good docs on this:
http://www.debian-administration.org/article/450/Generating_a_revocation_certificate_with_gpg
http://www.debian-administration.org/article/451/Submitting_your_GPG_key_to_a_keyserver
http://www.debian-administration.org/article/452/Using_gnupg-agent_to_securely_retain_keys
...and the GPG handbook talks about these topics as well:
http://www.gnupg.org/gph/en/manual.html#AEN385
http://www.gnupg.org/gph/en/manual.html#AEN464
http://www.gnupg.org/gph/en/manual.html#AEN526
Take a look. I think a signing subkey will work, but will let you
judge. If you think this is workable, I'll start on the code and put
together a POC.
Ted
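The verification step discussed above (check `archive-contents' against a detached `archive-contents.gpgsig' with the shipped GNU ELPA key, and fall back to a one-time prompt when gpg is missing), as an added Emacs Lisp sketch that is not code from this thread or from package.el. The variable and function names, the keyring path and the prompt wording wrapper are assumptions made for the example.

```elisp
;; Added example (not package.el code).  Verifies a downloaded
;; `archive-contents' against a detached `archive-contents.gpgsig'
;; using a keyring that holds only the GNU ELPA signing key, and
;; falls back to a one-time prompt when gpg is unavailable.
;; All names below are hypothetical.

(defcustom elpa-verify-signatures t
  "When non-nil, verify `archive-contents' signatures.
Setting this to nil via `customize-variable' is the only permanent
opt-out; the prompt in `elpa-verify-archive-contents' only allows a
one-time override."
  :type 'boolean
  :group 'package)

(defcustom elpa-keyring-file "~/.emacs.d/elpa/gnu-elpa.gpg"
  "Keyring containing only the GNU ELPA signing key (assumed path)."
  :type 'file
  :group 'package)

(defun elpa-verify-archive-contents (file)
  "Verify FILE against FILE.gpgsig with the GNU ELPA keyring.
Return t on a good signature.  If gpg is not installed, ask the user
once whether to continue; otherwise signal an error."
  (let ((sig (concat file ".gpgsig"))
        (gpg (executable-find "gpg")))
    (cond
     ((not elpa-verify-signatures) t)
     ((null gpg)
      ;; One-time override only; no permanent opt-out from this prompt.
      (or (yes-or-no-p "Can't verify package signature; continue? ")
          (error "Aborted: gpg not available to verify %s" file)))
     ((not (file-exists-p sig))
      (error "Missing signature file %s" sig))
     (t
      ;; --no-default-keyring with --keyring restricts verification to
      ;; the shipped GNU ELPA key, so a key from the user's own keyring
      ;; cannot vouch for the archive.  `call-process' returns gpg's
      ;; exit status; 0 means the detached signature verified.
      (let ((status (call-process gpg nil nil nil
                                  "--batch" "--no-default-keyring"
                                  "--keyring" (expand-file-name elpa-keyring-file)
                                  "--verify" sig file)))
        (if (eq status 0)
            t
          (error "Bad signature on %s (gpg exit status %s)" file status)))))))
```

Replacing the GNU ELPA key later means shipping a new keyring file with Emacs; nothing else in this check depends on which key is inside it.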