From: Joseph Gay
Newsgroups: gmane.emacs.devel
Subject: convenient digital signing for el files and snippets
Date: Wed, 09 Mar 2011 00:12:13 -0600
Message-ID: <87k4g83jr6.fsf@geneva.hpsy.me>
To: emacs-devel@gnu.org

Hi,

I noticed a recent discussion regarding trust with emacswiki et al, and I have a half-baked idea for increasing user convenience. I'm posting here for help in gauging viability and usefulness or lack thereof.

In short, add an Emacs command/function to sign an elisp file or snippet with a comment indicating the signer and signature, and another command/function to verify the signature.

Usage scenario:

With something like el-get or autoinstall, it is easy to update a large library or module from emacswiki or other public URI. However, it is always advisable to check the diff prior to updating since it is hard to be sure who made what changes. However, if the file was signed, and contained the signature, it would be trivial to see whether the signature is valid using a trusted public key, and let the user know if not and then decide what to do (look at a diff, look up the key, view changelogs, etc.).
Convenience comes from knowing when a file or snippet is modified by someone you trust, and thus not having to scan through myriad diffs and look for possible problems.

Technical details:

Sign a sha1 hash of the file or snippet contents with any existing signature information removed. Signature for a file is a comment before the ;;; .el ends here line like ;; Signed . A signature for a snippet starts ;;; snip and ends with the signature line. In this fashion, it should be possible to have a file containing multiple signed snippets as well as a signed file.

The Emacs command would take care of signing with the user's preferred key and adding the required comment lines.

There would be one signature (if any), per snippet or file, simply indicating the last person claiming to be responsible for a particular sha1. If that person is trusted, and the sha1 matches, all is well.

This is not applicable to git controlled files as git already provides a sha1 for the entire repo and allows annotated tags to be signed.

I'd be happy to implement this functionality if it could work. Any thoughts?
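
The whole-file case of the scheme proposed above, sketched in Emacs Lisp on top of EPG as an added example; it is not code from the original post. The `elsig-` names and the `;; Signed SIGNER BASE64-SIG` line layout are assumptions (the post's exact signature format did not survive), and signing assumes GnuPG with a secret key is available.

```elisp
;;; Added example, not from the original post; `elsig-' names are hypothetical.
(require 'epg)

;; Assumed layout of the signature comment: ";; Signed SIGNER BASE64-SIG".
(defconst elsig-line-re "^;; Signed \\(\\S-+\\) \\(\\S-+\\)\n")
(defconst elsig-footer-re "^;;; .+\\.el ends here")

(defun elsig-digest ()
  "Return the SHA-1 hex digest of the buffer with any signature line removed."
  (let ((case-fold-search nil))
    (sha1 (encode-coding-string
           (replace-regexp-in-string
            elsig-line-re ""
            (buffer-substring-no-properties (point-min) (point-max)))
           'utf-8))))

(defun elsig-sign-buffer (signer)
  "Sign the current buffer with secret key SIGNER, replacing any old signature."
  (interactive "sSign with key (no spaces): ")
  (let ((ctx (epg-make-context 'OpenPGP)) (case-fold-search nil) sig)
    (setf (epg-context-signers ctx)
          (or (epg-list-keys ctx signer t)
              (error "No secret key matches %s" signer)))
    (setq sig (base64-encode-string
               (epg-sign-string ctx (elsig-digest) 'detached) t))
    (save-excursion
      (goto-char (point-min))
      (while (re-search-forward elsig-line-re nil t) (replace-match ""))
      (goto-char (point-max))
      (unless (re-search-backward elsig-footer-re nil t)
        (error "No \";;; FILE.el ends here\" line found"))
      (insert (format ";; Signed %s %s\n" signer sig)))))

(defun elsig-verify-buffer (trusted)
  "Return the signing key's fingerprint if it is in TRUSTED, else nil.
TRUSTED is a list of fingerprints.  Any error counts as a failed check."
  (condition-case nil
      (save-excursion
        (goto-char (point-min))
        (let ((case-fold-search nil) (ctx (epg-make-context 'OpenPGP)))
          (when (re-search-forward elsig-line-re nil t)
            (epg-verify-string ctx (base64-decode-string (match-string 2))
                               (elsig-digest))
            (let ((res (car (epg-context-result-for ctx 'verify))))
              ;; Trust the key that verified, never the name in the comment.
              (and res (eq (epg-signature-status res) 'good)
                   (car (member (epg-signature-fingerprint res) trusted)))))))
    (error nil)))
```

`elsig-verify-buffer` decides on the fingerprint of the key that actually verified, so editing the signer name in the comment gains nothing. SHA-1 collisions are practical today, so a current implementation would use a stronger hash such as SHA-256 in `elsig-digest`.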