Re: [PATCH] package.el: check tarball signature

[Ted Zlatanov]

On Sat, 05 Oct 2013 09:34:52 +0900 Daiki Ueno <address@hidden> wrote: 

DU> Ted Zlatanov <address@hidden> writes:
>> I can put up my current patch for review but I still have HMAC, maybe
>> UMAC, and RSA+DSA+ECC crypto to finish.  The hashing methods and the
>> ciphers in ECB, CBC, and CTR modes are done with tests.  Should I make a
>> Bazaar branch for that work?  Is anyone interested in reviewing it?

DU> Probably I should shut up, but...

DU> Does that mean all the package signatures will be signed/verified with
DU> your own "Emacs internal" signature format, and all the packagers will
DU> need to use your tool and Emacs, instead of GPG, right?

No.  After I have the basic needs done, I will start on an OpenPGP
protocol emulation.

DU> That is what I opposed again and again and suggested to use a standard
DU> format.

Well, OpenPGP is fairly standard, although there are many versions.
I'll do my best to be GnuPG-compatible, but my primary goal will be
OpenPGP compatibility as in RFC 4880.

Ted