From: Ted Zlatanov
Newsgroups: gmane.emacs.devel
Subject: Re: ELPA security
Date: Fri, 28 Jun 2013 11:32:25 -0400
Message-ID: <874ncintdi.fsf@lifelogs.com>
To: Daiki Ueno
Cc: emacs-devel@gnu.org

On Mon, 24 Jun 2013 12:44:47 +0900 Daiki Ueno wrote:

DU> Ted Zlatanov writes:
TZ> Using EPG functions, however, I could not figure out how to verify with
TZ> an external public GPG key. I don't see that option with any of the
TZ> context functions. Perhaps someone knows? Without that option, the
TZ> user has to explicitly load the maintainer's public GPG key, which is
TZ> very impractical around package.el.

DU> I guess you probably mean something like debian-keyring by "external
DU> public GPG key", right? If so, you can use an alternative ~/.gnupg
DU> directory (e.g. ~/.emacs.d/elpa/gnupg/) set through
DU> epg-gpg-home-directory, and import the keyring with
DU> epg-import-keys-from-file on M-x package-list-packages, etc.

Would it be better to follow the steps here than to have a separate
directory? Or maybe we should do a separate key ring AND an alternative
directory?

http://stackoverflow.com/questions/9073288/decrypt-encrypted-gpg-file-using-external-secret-key

e.g.

gpg --import --no-default-keyring --secret-keyring elpa maintainer.key
gpg --verify file.gpgsig --secret-keyring elpa file
rm ~/.gnupg/elpa.gpg

DU> I'm not following the discussion nor the code, sorry if I'm missing the
DU> point.

Your help is appreciated in any way, of course, but this discussion in
particular will make EPG a fundamental tool for most ELPA interactions,
so your review would be most welcome.

Ted
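
Added example, not part of the original message and not package.el's own code: the alternative home directory approach Daiki Ueno describes above, written with EPG calls so that archive keys stay out of the user's ~/.gnupg. The `my-elpa-` names and the default directory are assumptions; `epg-gpg-home-directory`, `epg-import-keys-from-file`, `epg-verify-file` and `epg-context-result-for` are EPG's own.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: verify a detached signature against a dedicated keyring.
(require 'epg)
(require 'cl-lib)

(defvar my-elpa-gnupg-home
  (expand-file-name "elpa/gnupg/" user-emacs-directory)
  "Hypothetical GnuPG home holding only archive keys (not ~/.gnupg).")

(defun my-elpa--context ()
  "Return an OpenPGP context that uses `my-elpa-gnupg-home' as its keyring."
  ;; gpg warns about home directories other users can read, so keep it 0700.
  (unless (file-directory-p my-elpa-gnupg-home)
    (make-directory my-elpa-gnupg-home t)
    (set-file-modes my-elpa-gnupg-home #o700))
  ;; The context takes its home directory from this variable when created,
  ;; so a dynamic binding is enough; the user's default setting is untouched.
  (let ((epg-gpg-home-directory my-elpa-gnupg-home))
    (epg-make-context 'OpenPGP)))

(defun my-elpa-import-keyring (keyring-file)
  "Import the archive's public keys from KEYRING-FILE into the dedicated home."
  (epg-import-keys-from-file (my-elpa--context)
                             (expand-file-name keyring-file)))

(defun my-elpa-verify (file sig-file)
  "Return the key IDs that made a good signature in SIG-FILE over FILE.
Signal an error when no signature verifies against the dedicated keyring."
  (let ((context (my-elpa--context)))
    (epg-verify-file context
                     (expand-file-name sig-file)
                     (expand-file-name file))
    (let* ((sigs (epg-context-result-for context 'verify))
           ;; Only keys imported into the dedicated home can yield `good';
           ;; a signature by any other key reports `no-pubkey'.
           (good (cl-remove-if-not
                  (lambda (sig) (eq (epg-signature-status sig) 'good))
                  sigs)))
      (unless good
        (error "No good signature on %s: %s"
               file (epg-verify-result-to-string sigs)))
      (mapcar #'epg-signature-key-id good))))
```

Typical use is `(my-elpa-import-keyring "maintainer.key")` once, then `(my-elpa-verify "file" "file.gpgsig")` per download, with the file names taken from the commands in the message.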