emacs-orgmode

Re: Security issues in Emacs packages


From: Jean Louis
Subject: Re: Security issues in Emacs packages
Date: Thu, 26 Nov 2020 08:53:42 +0300
User-agent: Mutt/2.0 (3d08634) (2020-11-07)

* Greg Minshall <minshall@umich.edu> [2020-11-26 08:29]:
> Tim,
> 
> > I think you missed my point. There is no benefit in MELPA adopting
> > signed packages because there is no formal code review and no vetting
> > of the individuals who submit the code.
> 
> it occurs to me there might be one benefit: if George, whom you trust,
> says, "I've been running version 1.2.3 of package xYandZ from MELPA and
> i have a lot of confidence in it", then if you find that version of that
> package with a trusted MELPA signature, you maybe know that you and
> George are running the same software.  i.e., it helps with the "web of
> trust" (if people still talk of that).
> 
> (so, the requirement for this is not audited packages, but a solid,
> "secure", release procedure by MELPA.)

Maybe principles from Freenet Web of Trust could be somehow
implemented for Emacs users and our discussions.
https://www.draketo.de/english/freenet/friendly-communication-with-anonymity



