From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: ELPA security Date: Tue, 08 Jan 2013 15:50:42 -0500 Message-ID: References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com> <87k3rrr31g.fsf@Rainer.invalid> <874nium8h0.fsf@lifelogs.com> <87zk0ljaub.fsf@lifelogs.com> <87wqvng299.fsf@lifelogs.com> <87ehhveg4s.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1357678254 13867 80.91.229.3 (8 Jan 2013 20:50:54 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 8 Jan 2013 20:50:54 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Jan 08 21:51:10 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Tsg8X-0001SZ-4f for ged-emacs-devel@m.gmane.org; Tue, 08 Jan 2013 21:51:05 +0100 Original-Received: from localhost ([::1]:55741 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tsg8H-0006XW-B4 for ged-emacs-devel@m.gmane.org; Tue, 08 Jan 2013 15:50:49 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:57793) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tsg8E-0006XO-Sb for emacs-devel@gnu.org; Tue, 08 Jan 2013 15:50:47 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Tsg8D-0003AU-1q for emacs-devel@gnu.org; Tue, 08 Jan 2013 15:50:46 -0500 Original-Received: from chene.dit.umontreal.ca ([132.204.246.20]:38808) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Tsg8C-0003AL-Tj for emacs-devel@gnu.org; Tue, 08 Jan 2013 15:50:44 -0500 Original-Received: from pastel.home (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id r08KohwQ017736; Tue, 8 Jan 2013 15:50:43 -0500 Original-Received: by pastel.home (Postfix, from userid 20848) id DAA3A59230; Tue, 8 Jan 2013 15:50:42 -0500 (EST) In-Reply-To: <87ehhveg4s.fsf@lifelogs.com> (Ted Zlatanov's message of "Tue, 08 Jan 2013 12:30:59 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4455=0 X-NAI-Spam-Version: 2.2.0.9309 : core <4455> : streams <887658> : uri <1314171> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 132.204.246.20 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:156159 Archived-At: > 1) sign `archive-contents' in the cron job when it's generated into > `archive-contents.gpgsig' with the GNU ELPA maintainer key. Not sure this needs to be signed. But if you want to do it, that's fine. > 3.1) If GPG is not available and the ELPA archive is to be verified, we > prompt the user to override it once or abort. They won't be allowed to > override it permanently from the prompt--they have to `M-x > customize-variable' to do it. The prompt will be scary. I don't see a strong need to be scary here. Just ask the user something like "Can't verify package signature; continue? (y/n)". > 5) The GNU ELPA maintainer key will be shipped with the Emacs package.el. > Does all of that sound good? Pretty much, yes. I do wonder about key management, tho: the GNU ELPA key (note: not "maintainer" because the key does not belong to any human being) will not last for ever. We don't have to figure out all the details now, but it would be good to make sure that when the key needs to be replaced, we can do so without too much trouble. Stefan