From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: ELPA security Date: Sun, 16 Jun 2013 19:12:02 -0400 Message-ID: References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com> <87k3rrr31g.fsf@Rainer.invalid> <874nium8h0.fsf@lifelogs.com> <87zk0ljaub.fsf@lifelogs.com> <87wqvng299.fsf@lifelogs.com> <87ip77y2s9.fsf@Rainer.invalid> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1371424328 5482 80.91.229.3 (16 Jun 2013 23:12:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 16 Jun 2013 23:12:08 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jun 17 01:12:08 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UoM7E-0004kU-Am for ged-emacs-devel@m.gmane.org; Mon, 17 Jun 2013 01:12:08 +0200 Original-Received: from localhost ([::1]:38850 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UoM7D-00065p-OR for ged-emacs-devel@m.gmane.org; Sun, 16 Jun 2013 19:12:07 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42887) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UoM7A-00065h-Ij for emacs-devel@gnu.org; Sun, 16 Jun 2013 19:12:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1UoM79-0003DU-LV for emacs-devel@gnu.org; Sun, 16 Jun 2013 19:12:04 -0400 Original-Received: from ironport2-out.teksavvy.com ([206.248.154.182]:10620) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1UoM79-0003DN-HA for emacs-devel@gnu.org; Sun, 16 Jun 2013 19:12:03 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av4EABK/CFFFpZVy/2dsb2JhbABEvw4Xc4IeAQEEAVYoCws0EhQYDYhCBsEtjWGDKQOkeoFegxM X-IPAS-Result: Av4EABK/CFFFpZVy/2dsb2JhbABEvw4Xc4IeAQEEAVYoCws0EhQYDYhCBsEtjWGDKQOkeoFegxM X-IronPort-AV: E=Sophos;i="4.84,565,1355115600"; d="scan'208";a="16519155" Original-Received: from 69-165-149-114.dsl.teksavvy.com (HELO fmsmemgm.homelinux.net) ([69.165.149.114]) by ironport2-out.teksavvy.com with ESMTP/TLS/ADH-AES256-SHA; 16 Jun 2013 19:11:57 -0400 Original-Received: by fmsmemgm.homelinux.net (Postfix, from userid 20848) id 90331AE2E3; Sun, 16 Jun 2013 19:12:02 -0400 (EDT) In-Reply-To: (Ted Zlatanov's message of "Sun, 16 Jun 2013 07:18:56 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 206.248.154.182 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:160479 Archived-At: > * add `package-signed-archives', a list of logical archive names with > default '("gnu"). Add `package-archive-signed-p' to check it. I'd opt for the opposite, i.e. list the archives that aren't signed. And maybe automatically eliminate an archive from that "not signed" list if we ever find a signature in it. > If you're OK with the code changes I'll get them working and start > implementing `package--verify-signature'. Go ahead, Stefan