[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Stefan Monnier |
|
Subject: |
Re: ELPA security |
|
Date: |
Tue, 08 Jan 2013 17:46:51 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) |
SM> I do wonder about key management, tho: the GNU ELPA key (note: not
SM> "maintainer" because the key does not belong to any human being)
SM> will not last for ever.
> I thought the maintainers would have their own keys, and they would sign
> a GNU ELPA "signing subkey" that's only used for releasing.
I'm sufficiently unsophisticated that I don't really know what
that means. I understands keys can expire and can be revoked, but that
doesn't say how the end-user will deal with such a situation.
We need some way to update the signing key in a trustworthy way.
Stefan
- Re: ELPA security, (continued)
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stephen J. Turnbull, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stefan Monnier, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security,
Stefan Monnier <=
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Achim Gratz, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08