emacs-devel

Re: NSM certificate prompt


From: Michael Albinus
Subject: Re: NSM certificate prompt
Date: Sat, 13 Dec 2014 20:16:30 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

Lars Magne Ingebrigtsen <address@hidden> writes:

> Eli Zaretskii <address@hidden> writes:
>
>> A middle ground would be to offer to perform an update of the
>> certificates when validation fails.
>
> Yes, that would be nice.  We'd have to have a secure way to retrieve
> those certificates, though.  Perhaps we could use GNU ELPA for this?
> Wasn't there some work done on signing packages?

That's not the crucial point. A root certificate could be compromised,
and with this compromised root certificate a validation might still
succeed when it shouldn't. ELPA does not have the means to urge a package
update of the hypothetical ca-certificates package, when a new version
appears.

And who from the core Emacs team will feel responsible to produce a new
version of that package when necessary? This must happen short-term,
which means a small security team of Emacs must observe relevant mailing
lists and the like, and must react in time.

I don't believe this belongs to Emacs' core functionality. It might be
better to investigate first whether there already exists an
infrastructure on the different supported systems we could use. Like the
Debian package I've mentioned already.

Best regards, Michael.


