From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Vasilij Schneidermann Newsgroups: gmane.emacs.devel Subject: Re: Proposal to include obligatory PGP verification of packages from any repository Date: Tue, 20 Oct 2020 18:17:41 +0200 Message-ID: <20201020161741.GG1842@odonien.localdomain> References: <20201013052736.GE31408@protected.rcdrun.com> <20201016130235.06218dae@argon> <87eelvplvh.fsf@posteo.net> <10bdf4ea-e365-cc3d-ec03-4348946fadbe@yandex.ru> <20201019124335.GC19325@protected.rcdrun.com> <20201019182828.GB1842@odonien.localdomain> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="sClP8c1IaQxyux9v" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="14723"; mail-complaints-to="usenet@ciao.gmane.io" Cc: philipk@posteo.net, bugs@gnu.support, thibaut.verron@gmail.com, mve1@runbox.com, emacs-devel@gnu.org, dgutov@yandex.ru To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Oct 20 18:37:04 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kUudE-0003is-21 for ged-emacs-devel@m.gmane-mx.org; Tue, 20 Oct 2020 18:37:04 +0200 Original-Received: from localhost ([::1]:35476 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kUudD-0006DX-0j for ged-emacs-devel@m.gmane-mx.org; Tue, 20 Oct 2020 12:37:03 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:43014) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kUuKd-0007Aa-VH for emacs-devel@gnu.org; Tue, 20 Oct 2020 12:17:51 -0400 Original-Received: from mout-p-102.mailbox.org ([80.241.56.152]:52330) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1kUuKb-0006ZU-Ds; Tue, 20 Oct 2020 12:17:51 -0400 Original-Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:105:465:1:2:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4CFzLL1ns1zQlLp; Tue, 20 Oct 2020 18:17:46 +0200 (CEST) X-Virus-Scanned: amavisd-new at heinlein-support.de Original-Received: from smtp2.mailbox.org ([80.241.60.241]) by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030) with ESMTP id q3eirfqtk1Oj; Tue, 20 Oct 2020 18:17:42 +0200 (CEST) Mail-Followup-To: Richard Stallman , bugs@gnu.support, dgutov@yandex.ru, mve1@runbox.com, philipk@posteo.net, thibaut.verron@gmail.com, emacs-devel@gnu.org Content-Disposition: inline In-Reply-To: X-Rspamd-Score: -3.19 / 15.00 / 15.00 X-Rspamd-Queue-Id: EBEA11711 X-Rspamd-UID: 289b0f Received-SPF: pass client-ip=80.241.56.152; envelope-from=mail@vasilij.de; helo=mout-p-102.mailbox.org X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/20 12:17:46 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:258196 Archived-At: --sClP8c1IaQxyux9v Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > I have not tried to study each point in your message -- there were so > many -- but I noticed criticism of Savannah for not offering > two-factor authentication. >=20 > When I was asked to do this, I couldn't do it, because it depended on > carrying a protable listening and surveillance device (aka cellular > phone). MIT had to make a special exception for me, turning that > requirement off, when it demanded that I access its administrative > systems. >=20 > Savannah must not do this if it requires the user to use nonfree > programs. There are many ways of doing 2FA and normally it's opt-in. > If people are interested in discussing this point, let's use > gnu-prog-discuss@gnu.org as it is off-topic here. Sure, please include me in your mail there as I'm not subscribed to that mailing list. I could probably help out with the security side of Savannah. --sClP8c1IaQxyux9v Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE0dAcySl3bqM8O17WFmfJg6zCifoFAl+PDZwACgkQFmfJg6zC ifq5UAgAuAthN/22gWYP3DI78wsbBQnkFyPGqmv1JLa36yDZsMDAYdP593mKtokw R7w+VZF7gtjvC4JUbV/BFaH3ltP1HVAZuV8L+M/kAd5ekWsBxVTBIq+a5H46ZhbK HKMe2g1v3YxFims3y35v4vdI5kFuH69mANnPwXsvfbkcHj9xVQ++9dxCMWw3xq1o Y4+g9XA54XhGoQ2y0rTKC73+tcOYlA1Bb8ZZMknqvdUad8LO2xP/J+0PYFhk+FLB PCdZcXpjMZglr1kzQHFuzj6dW7mkogEImwCwQG9gpxDH8BPbYnEMyeUaXnWwSj8/ P37iOSpDT6xGGXKyPmjxq60ExIrvxg== =nVQe -----END PGP SIGNATURE----- --sClP8c1IaQxyux9v--