From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] package.el: check tarball signature
Date: Fri, 04 Oct 2013 22:23:06 +0300
Message-ID: <83pprkc02t.fsf@gnu.org>
References: <874n92x9em.fsf@flea.lifelogs.com> <87fvsk9m8b.fsf-ueno@gnu.org> <877gdutp1l.fsf@flea.lifelogs.com>
To: Stefan Monnier
Cc: emacs-devel@gnu.org

> From: Stefan Monnier
> Date: Thu, 03 Oct 2013 11:01:43 -0400
>
> > +(defcustom package-check-signature 'allow-unsigned
> > + "Whether to check package signatures when installing."
> > + :type '(choice (const nil :tag "Never")
> > + (const allow-unsigned :tag "Allow unsigned")
> > + (const t :tag "Check always"))
> > + :risky t
> > + :group 'package
> > + :version "24.1")
>
> IMHO this should be per archive, not global. WDYT?
>
> Actually, let's wait. If all turns out well, most/all ELPA archives will
> start providing signatures in the not too distant future and there'll be
> no need for per-archive settings (and we can change the default to t).

Are you saying that verification will not need gpg to be installed?
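
Review bot: The docstring on `package-check-signature` ("Whether to check package signatures when installing.") does not say what the three values do, and the default `'allow-unsigned` is the one that most needs spelling out. I suggest documenting each choice, in particular that under `allow-unsigned` a package with no signature is still installed. The docstring should also state what happens when a signature is present but fails to verify, and what happens when gpg is not available, since the hunk leaves both open and the second is the question raised in the reply above. Separately, `:version "24.1"` names a release that predates this patch; it should be the release in which the option first ships.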