From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.devel Subject: Re: package.el + DVCS for security and convenience Date: Mon, 31 Dec 2012 17:50:07 -0500 Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos Message-ID: <87txr1zvj4.fsf@lifelogs.com> References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com> <87obhmzl2f.fsf@bzg.ath.cx> <20121222141742.7494b429fe36e5ccef50cf6f@gmail.com> <87d2y2w9j5.fsf@uwakimon.sk.tsukuba.ac.jp> <87wqwas0gr.fsf@bzg.ath.cx> <87d2y2p6d7.fsf@bzg.ath.cx> <87sj6xg9p2.fsf_-_@lifelogs.com> <87ip7ing01.fsf@enigma.home.hagelb.org> Reply-To: emacs-devel@gnu.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1356994226 22501 80.91.229.3 (31 Dec 2012 22:50:26 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 31 Dec 2012 22:50:26 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Dec 31 23:50:43 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TpoBu-0001H6-SN for ged-emacs-devel@m.gmane.org; Mon, 31 Dec 2012 23:50:42 +0100 Original-Received: from localhost ([::1]:59364 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpoBg-0002EF-1z for ged-emacs-devel@m.gmane.org; Mon, 31 Dec 2012 17:50:28 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:49451) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpoBc-0002Dy-DP for emacs-devel@gnu.org; Mon, 31 Dec 2012 17:50:26 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TpoBb-00028z-4M for emacs-devel@gnu.org; Mon, 31 Dec 2012 17:50:24 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]:55408) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TpoBa-00028W-U3 for emacs-devel@gnu.org; Mon, 31 Dec 2012 17:50:23 -0500 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1TpoBl-00019G-1B for emacs-devel@gnu.org; Mon, 31 Dec 2012 23:50:33 +0100 Original-Received: from c-65-96-148-157.hsd1.ma.comcast.net ([65.96.148.157]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Dec 2012 23:50:33 +0100 Original-Received: from tzz by c-65-96-148-157.hsd1.ma.comcast.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 31 Dec 2012 23:50:33 +0100 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-Lines: 40 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: c-65-96-148-157.hsd1.ma.comcast.net X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) Cancel-Lock: sha1://sXpPjklwje351FDH5B57M5l0M= X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 80.91.229.3 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:156051 Archived-At: On Mon, 31 Dec 2012 12:06:22 -0800 Phil Hagelberg wrote: PH> I don't see any benefit to using version control tools on the client PH> side. It may make sense to use them to build the repository, but having PH> the repository consist simply of a pile of static files on disk is a PH> very valuable property that we shouldn't give up lightly. I proposed some benefits in my followup to Nic Ferrier and before. But it seems that the consensus from you, him, and Tom is to avoid the DVCS integration, so I'll drop the proposal. Unless my eloquence has convinced you all in the meanwhile :) PH> Adding SSL to the existing implementation would be fairly easy and has PH> no downsides, so it should be done soon; it's low-hanging fruit that can PH> be improved quicker than adding signatures. I worry it will lower the incentive to do the signature work, and SSL is known to be compromised at many levels. PH> I would just like to add that I consider writing an OpenPGP PH> implementation in Emacs to be a very bad idea--we simply do not have the PH> resources to get the auditing that would be necessary to get this to a PH> level of quality that we could trust. Using GnuPG would be both quicker PH> to implement and result in much higher-quality code. If there are PH> concerns that people may not use it because it's difficult to install PH> then our efforts would be better spent on making it easier to PH> install. OK. Stefan asked for GnuPG as well, so an OpenPGP implementation is not happening anytime soon. PH> I'm very glad to see movement on this front though--the current state of PH> affairs is an improvement over everyone pulling packages in from the PH> wiki but still has a long way to go before it's something properly PH> trustworthy. Your opinions and expertise are greatly appreciated (and also Tom, Nic, Stefan, Stephen, and everyone else who has contributed to the threads). Ted