From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Matthias Dahl Newsgroups: gmane.emacs.devel Subject: Re: security of the emacs package system, elpa, melpa and marmalade Date: Mon, 30 Sep 2013 17:10:43 +0200 Message-ID: <52499473.50707@binary-island.eu> References: <523FEE1B.9020408@binary-island.eu> <87y56gymvz.fsf@flea.lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1380555838 31499 80.91.229.3 (30 Sep 2013 15:43:58 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 30 Sep 2013 15:43:58 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 30 17:44:02 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VQfdg-0005EU-Rw for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 17:44:00 +0200 Original-Received: from localhost ([::1]:49894 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQfdg-0006D1-Hl for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 11:44:00 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47956) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQf7d-0006DD-1q for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:10:58 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VQf7W-0006Kz-Sy for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:10:52 -0400 Original-Received: from hemera.binary-island.eu ([97.107.138.233]:59251) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQf7W-0006Kg-Bu for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:10:46 -0400 Original-Received: from [10.0.0.20] (95-88-238-193-dynip.superkabel.de [95.88.238.193]) by hemera.binary-island.eu (Postfix) with ESMTPSA id 09F913C083 for ; Mon, 30 Sep 2013 11:12:57 -0400 (EDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 In-Reply-To: <87y56gymvz.fsf@flea.lifelogs.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 97.107.138.233 X-Mailman-Approved-At: Mon, 30 Sep 2013 11:43:58 -0400 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163735 Archived-At: Hello... > I would propose using the signature files above to provide that wall, > so auto-signing should not be done. Instead a maintainer team should > review changes that need to go up on the GNU ELPA. Ted, that would be really nice to have but as it was brought up earlier in this thread, this is not gonna happen. And I can honestly understand why it can't happen. The amount of manpower required to really do this properly, is not something that could be easily shouldered by a team of trusted volunteers in a timely manner. So long, Matthias -- Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu services: custom software [desktop, mobile, web], server administration