unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Signing local variable lists.
@ 2004-04-08 14:57 Richard Stallman
  2004-04-09 22:44 ` Richard Stallman
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Stallman @ 2004-04-08 14:57 UTC (permalink / raw)


To: rms@gnu.org
Subject: Re: Is this a bad idea?
In-Reply-To: <E1BANif-0006Ra-Sm@fencepost.gnu.org>
From: Hugo Gayosso <hugo@gnu.org>
Original-Original-Sender: hugo@gnu.org
Mail-Host-Address: gnu.org
Organization: The GNU Project
Date: 07 Apr 2004 21:30:06 -0400
Sender: GNU User <hgayosso@myrealbox.com>
X-Spam-Status: No, hits=-5.4 required=5.0
	tests=IN_REP_TO,PGP_SIGNATURE,QUOTED_EMAIL_TEXT,REFERENCES,
	      REPLY_WITH_QUOTES,USER_AGENT_GNUS_UA
	version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Since you have some understanding of security issues,
> what do you think of this suggestion?

>> Ok, I have had an idea which might be stupid or not.  And it might
>> also have political implications which I am too stupid to see.  I just
>> want to put it out.

Ok, I will answer putting any "political implications" aside as I
don't understand exactly what he meant with that.


> How about the following then?
> 
> ;;; Local variables:
> ;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
> ;;; end:
> ;;; gpg-signed: iD8DBQFAbwnJBo350SLJfmgRAhf9AKCFvutpMNxc4oGK/vh2fdVV0MT/dgCeJn66
> ;;; Qc8BXtn2zlGbofY2YMLIAg8=
> ;;; =s5sr
> 
> Something like that.  I would then customize a variable that tells
> whose signatures I trust enough not to get the stupid question again
> and again.

I think it is OK.


* User A attaches the signature to the block.

  This part needs to be worked out exactly which format, the way I did
  it in Emacs was via 'mc-sign' and it generated the following:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

;;; Local variables:
;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
;;; end:
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKlzMNObVRBZveYRAu5JAJ9y+5wq23ikydU0HzrQ9wiJfYW0YQCeNxl0
xX90PViGg/sfK+YxBZ/roVg=
=HShG
- -----END PGP SIGNATURE-----


> Obviously, this also makes it possible for me to look at the local
> variable block once, decide that it is good enough for me, and sign
> it.

I could think in another scheme where the same block can be signed by
different people at the same time, so in theory the more signatures it
has, the most trust you can have that it is the real thing.

The signatures could be stored in the same file, or we could have a
special directory where you store signatures and a table that shows to
which file they belong.


> Any change in local variables will render the signature invalid, of
> course.

I agree.


Hope it helps,
- -- 
Hugo Gayosso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKsdMNObVRBZveYRAochAJ0c8ZltlFw9TpFwZFyxP/qGHmddkgCfaLgm
2oSdu2V02mMrGALMe4H0aMw=
=rrej
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2004-04-12  3:51 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-04-08 14:57 Signing local variable lists Richard Stallman
2004-04-09 22:44 ` Richard Stallman
2004-04-10  8:54   ` Jason Rumney
2004-04-12  3:51     ` Richard Stallman

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).