emacs-devel

Re: ELPA security


From: Ted Zlatanov
Subject: Re: ELPA security
Date: Tue, 08 Jan 2013 18:30:50 -0500
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)

On Tue, 08 Jan 2013 17:46:51 -0500 Stefan Monnier <address@hidden> wrote: 

SM> I do wonder about key management, tho: the GNU ELPA key (note: not
SM> "maintainer" because the key does not belong to any human being)
SM> will not last for ever.
>> I thought the maintainers would have their own keys, and they would sign
>> a GNU ELPA "signing subkey" that's only used for releasing.

SM> I'm sufficiently unsophisticated that I don't really know what
SM> that means.  I understand keys can expire and can be revoked, but that
SM> doesn't say how the end-user will deal with such a situation.

SM> We need some way to update the signing key in a trustworthy way.

OK, I'll prepare a workflow and offer it for public review as part of
the POC.

Ted



