From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Kelly Dean Newsgroups: gmane.emacs.devel Subject: Re: Emacs package manager vulnerable to replay attacks Date: Tue, 24 Feb 2015 08:47:23 +0000 Message-ID: References: <87iogt8ipi.fsf@violet.siamics.net> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1424767759 8668 80.91.229.3 (24 Feb 2015 08:49:19 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 24 Feb 2015 08:49:19 +0000 (UTC) Cc: 19479@debbugs.gnu.org, emacs-devel@gnu.org To: Ivan Shmakov Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Feb 24 09:49:06 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1YQBAr-0001Gg-Ub for ged-emacs-devel@m.gmane.org; Tue, 24 Feb 2015 09:49:02 +0100 Original-Received: from localhost ([::1]:47404 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YQBAr-0004F9-4T for ged-emacs-devel@m.gmane.org; Tue, 24 Feb 2015 03:49:01 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43246) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YQBAo-0004Ey-0f for emacs-devel@gnu.org; Tue, 24 Feb 2015 03:48:58 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YQBAi-0008Gh-NN for emacs-devel@gnu.org; Tue, 24 Feb 2015 03:48:57 -0500 Original-Received: from relay4-d.mail.gandi.net ([2001:4b98:c:538::196]:35698) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YQBAi-0008G2-HF for emacs-devel@gnu.org; Tue, 24 Feb 2015 03:48:52 -0500 Original-Received: from mfilter16-d.gandi.net (mfilter16-d.gandi.net [217.70.178.144]) by relay4-d.mail.gandi.net (Postfix) with ESMTP id 03DAB172081; Tue, 24 Feb 2015 09:48:47 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mfilter16-d.gandi.net X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "Cc" Original-Received: from relay4-d.mail.gandi.net ([217.70.183.196]) by mfilter16-d.gandi.net (mfilter16-d.gandi.net [10.0.15.180]) (amavisd-new, port 10024) with ESMTP id iffBTboRSMlU; Tue, 24 Feb 2015 09:48:45 +0100 (CET) X-Originating-IP: 66.220.3.179 Original-Received: from localhost (gm179.geneticmail.com [66.220.3.179]) (Authenticated sender: kelly@prtime.org) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 962B4172077; Tue, 24 Feb 2015 09:48:43 +0100 (CET) In-Reply-To: <87iogt8ipi.fsf@violet.siamics.net> X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4b98:c:538::196 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:183443 Archived-At: Note, I'm not implementing the metadata-replay fix, because it's unlikely my patch would be accepted, so somebody else will need to do it. See my January 11th message to bug #19479 for a description of how to do it.