From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Philip Kaludercic <philipk@posteo.net>
Newsgroups: gmane.emacs.bugs
Subject: bug#66414: GNU ELPA: Require signed tags to release new package
 versions
Date: Mon, 09 Oct 2023 09:01:29 +0000
Message-ID: <871qe4maom.fsf@posteo.net>
References: <CADwFkm=pdagsFnyy1wWwXS+R5AOn6yyuN+y2+oCY9GCzhEUcXQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="19771"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 66414@debbugs.gnu.org, yantar92@posteo.net, monnier@iro.umontreal.ca
To: Stefan Kangas <stefankangas@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Oct 09 11:02:12 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1qpm9T-0004lb-WB
	for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 09 Oct 2023 11:02:12 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1qpm97-00023L-EA; Mon, 09 Oct 2023 05:01:49 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qpm91-000230-QQ
 for bug-gnu-emacs@gnu.org; Mon, 09 Oct 2023 05:01:44 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qpm8z-0005wb-2K
 for bug-gnu-emacs@gnu.org; Mon, 09 Oct 2023 05:01:43 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qpm9J-00061f-HD
 for bug-gnu-emacs@gnu.org; Mon, 09 Oct 2023 05:02:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Philip Kaludercic <philipk@posteo.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 09 Oct 2023 09:02:01 +0000
Resent-Message-ID: <handler.66414.B66414.169684212023156@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 66414
X-GNU-PR-Package: emacs
Original-Received: via spool by 66414-submit@debbugs.gnu.org id=B66414.169684212023156
 (code B ref 66414); Mon, 09 Oct 2023 09:02:01 +0000
Original-Received: (at 66414) by debbugs.gnu.org; 9 Oct 2023 09:02:00 +0000
Original-Received: from localhost ([127.0.0.1]:59271 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qpm9I-00061Q-G3
 for submit@debbugs.gnu.org; Mon, 09 Oct 2023 05:02:00 -0400
Original-Received: from mout01.posteo.de ([185.67.36.65]:53253)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <philipk@posteo.net>) id 1qpm9G-000619-0m
 for 66414@debbugs.gnu.org; Mon, 09 Oct 2023 05:01:59 -0400
Original-Received: from submission (posteo.de [185.67.36.169]) 
 by mout01.posteo.de (Postfix) with ESMTPS id 50249240028
 for <66414@debbugs.gnu.org>; Mon,  9 Oct 2023 11:01:31 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
 t=1696842091; bh=uzT/lCVtBzzYUeC83PdPe3eekW1TSMaWU1yFPQSvhe4=;
 h=From:To:Cc:Subject:Autocrypt:Date:Message-ID:MIME-Version:From;
 b=C1lhGO/ScUwNzgkMUDyDzPPpeXogn+55kEqZxgRUmBxJjT90XMCjURWnoRPF8Tb1j
 7Xj1DRdfDQglGQYVg6ErK+fT5S02jGg9ddxcGEZ8xERignHqM0orlAXO1F44j1SQcf
 ONaBnRCvlJI6G4G7HhuTjgnN13LkfGIzPXEK2jJ1X69pqUcKLGHnbgUxf0CMg9TP1V
 6+jTjePaMPcT+CB8mb6AMd0wlN/HwzyrTXKgujTxEi4D1ackxetWlQfHAA77u4sHE+
 ZREpD0byB8+n8jKK+lLlUmmdTn/mgH67UZ7hfLawO9idFGURnjt3OJYIRRR3b/BdAq
 GLxsFg6Y+vPXg==
Original-Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4S3tLf2Bs2z6tsg;
 Mon,  9 Oct 2023 11:01:30 +0200 (CEST)
In-Reply-To: <CADwFkm=pdagsFnyy1wWwXS+R5AOn6yyuN+y2+oCY9GCzhEUcXQ@mail.gmail.com>
 (Stefan Kangas's message of "Mon, 9 Oct 2023 07:15:47 +0000")
Autocrypt: addr=philipk@posteo.net; keydata=
 mDMEZBBQQhYJKwYBBAHaRw8BAQdAHJuofBrfqFh12uQu0Yi7mrl525F28eTmwUDflFNmdui0QlBo
 aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0
 ZW8ubmV0PoiWBBMWCAA+FiEEDg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwMFCQHhM4AFCwkI
 BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8xYDWXahwulikAEA77hloUiSrXgFkUVJhlKBpLCHUjA0
 mWZ9j9w5d08+jVwBAK6c4iGP7j+/PhbkxaEKa4V3MzIl7zJkcNNjHCXmvFcEuDgEZBBQQhIKKwYB
 BAGXVQEFAQEHQI5NLiLRjZy3OfSt1dhCmFyn+fN/QKELUYQetiaoe+MMAwEIB4h+BBgWCAAmFiEE
 Dg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwwFCQHhM4AACgkQ8xYDWXahwukm+wEA8cml4JpK
 NeAu65rg+auKrPOP6TP/4YWRCTIvuYDm0joBALw98AMz7/qMHvSCeU/hw9PL6u6R2EScxtpKnWof
 z4oM
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:272133
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/272133>

Stefan Kangas <stefankangas@gmail.com> writes:

> Severity: wishlist
>
> I propose optionally releasing a new version of packages on
> NonGNU/GNU ELPA only if there is a valid PGP signature.  We can't make
> it mandatory, at the very least not initially, because it would break
> too many existing workflows.

I am not sure what the context here is, so sorry for the potentially
stupid question, but what PGP signatures are we talking about?  Are you
suggesting that the commit should be signed?

> The standard feature to do that in git would be a signed git tag.
> However, (Non-)GNU ELPA currently rebuilds package tarballs every time
> the "Version" comment header is updated, while git tags are ignored.
>
> Forwarded from
>
>     https://lists.gnu.org/r/emacs-devel/2023-02/msg00120.html