[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security issues in Emacs packages
From: |
Jean Louis |
Subject: |
Re: Security issues in Emacs packages |
Date: |
Thu, 26 Nov 2020 08:53:42 +0300 |
User-agent: |
Mutt/2.0 (3d08634) (2020-11-07) |
* Greg Minshall <minshall@umich.edu> [2020-11-26 08:29]:
> Tim,
>
> > I think you missed my point. There is no benefit in MELPA adopting
> > signed packages because there is no formal code review and no vetting
> > of the individuals who submit the code.
>
> it occurs to me there might be one benefit: if George, whom you trust,
> says, "I've been running version 1.2.3 of package xYandZ from MELPA and
> i have a lot of confidence in it", then if you find that version of that
> package with a trusted MELPA signature, you maybe know that you and
> George are running the same software. i.e., it helps with the "web of
> trust" (if people still talk of that).
>
> (so, the requirement for this is not audited packages, but a solid,
> "secure", release procedure by MELPA.)
Maybe principles from Freenet Web of Trust could be somehow
implemented for Emacs users and our discussions.
https://www.draketo.de/english/freenet/friendly-communication-with-anonymity
- Re: Security issues in Emacs packages, (continued)
- Re: Security issues in Emacs packages, Greg Minshall, 2020/11/26
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/26
- Re: Security issues in Emacs packages, Greg Minshall, 2020/11/26
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/26
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/26
- Re: Security issues in Emacs packages, Greg Minshall, 2020/11/26
- Re: Security issues in Emacs packages,
Jean Louis <=
- Re: One vs many directories, Jean Louis, 2020/11/24
- Re: One vs many directories, Jean Louis, 2020/11/24
- Re: One vs many directories, Tim Cross, 2020/11/25
- Local variables insecurities - Re: One vs many directories, Jean Louis, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Eric S Fraga, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Jean Louis, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Eric S Fraga, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Jean Louis, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Tim Cross, 2020/11/25
- Re: Local variables insecurities - Re: One vs many directories, Jean Louis, 2020/11/25