From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: package.el + DVCS for security and convenience
Date: Fri, 04 Jan 2013 11:05:12 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87hamxndc7.fsf@lifelogs.com>
References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com>
	<87obhmzl2f.fsf@bzg.ath.cx>
	<20121222141742.7494b429fe36e5ccef50cf6f@gmail.com>
	<87d2y2w9j5.fsf@uwakimon.sk.tsukuba.ac.jp> <87wqwas0gr.fsf@bzg.ath.cx>
	<87d2y2p6d7.fsf@bzg.ath.cx> <87sj6xg9p2.fsf_-_@lifelogs.com>
	<jwvhanbfmwh.fsf-monnier+emacs@gnu.org> <87k3s78hsc.fsf@lifelogs.com>
	<jwv38ypl6yw.fsf-monnier+emacs@gnu.org> <87ehi65uv4.fsf@lifelogs.com>
	<jwva9sqcjc1.fsf-monnier+emacs@gnu.org>
Reply-To: emacs-devel@gnu.org
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1357315534 1795 80.91.229.3 (4 Jan 2013 16:05:34 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 4 Jan 2013 16:05:34 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Jan 04 17:05:51 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Tr9mH-0003q3-2q
	for ged-emacs-devel@m.gmane.org; Fri, 04 Jan 2013 17:05:49 +0100
Original-Received: from localhost ([::1]:40288 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Tr9m1-00050M-QA
	for ged-emacs-devel@m.gmane.org; Fri, 04 Jan 2013 11:05:33 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:33827)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Tr9ly-000503-39
	for emacs-devel@gnu.org; Fri, 04 Jan 2013 11:05:31 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Tr9lu-0004JN-SI
	for emacs-devel@gnu.org; Fri, 04 Jan 2013 11:05:30 -0500
Original-Received: from plane.gmane.org ([80.91.229.3]:50346)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Tr9lu-0004JC-La
	for emacs-devel@gnu.org; Fri, 04 Jan 2013 11:05:26 -0500
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Tr9m5-0003fK-31
	for emacs-devel@gnu.org; Fri, 04 Jan 2013 17:05:37 +0100
Original-Received: from c-65-96-148-157.hsd1.ma.comcast.net ([65.96.148.157])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 04 Jan 2013 17:05:37 +0100
Original-Received: from tzz by c-65-96-148-157.hsd1.ma.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 04 Jan 2013 17:05:37 +0100
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 19
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: c-65-96-148-157.hsd1.ma.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux)
Cancel-Lock: sha1:lcajhkh1jGisyinqp3dNLwuhw4U=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:156080
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/156080>

On Thu, 03 Jan 2013 11:41:10 -0500 Stefan Monnier <monnier@iro.umontreal.ca> wrote: 

SM> The important thing is that GPG can always be installed, so if the user
SM> cares about checking integrity, she can install GPG.

OK, we're using GPG as you described.

Now, since everyone but Xue Fuqiao has told me that tying package.el to
the DVCS is a bad idea, we need to decide how these signatures will be
stored in the ELPA, and how they can fit into the existing ELPA
structure.  Nic Ferrier's proposal of a "key package" seems workable;
that package can be signed with the GNU ELPA maintainer's public key to
bootstrap the rest of the process.

I asked Tom Tromey and Phil Hagelberg for suggestions but haven't heard
back yet.  I'd like to get their take and yours before jumping to the
coding stage.

Ted