From: Daiki Ueno
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Sun, 29 Sep 2013 13:49:36 -0400
To: emacs-devel@gnu.org
In-Reply-To: <87y56gymvz.fsf@flea.lifelogs.com> (Ted Zlatanov's message of "Sun, 29 Sep 2013 05:53:36 -0400")

Ted Zlatanov writes:

> On Mon, 23 Sep 2013 10:17:33 -0400 Stefan Monnier
> SM> The current state, AFAIK is that we decided that ELPA servers should
> SM> put *.gpg signatures alongside their tarballs and other files, signed
> SM> with an "archive" key. This signature can be used to check that the
> SM> package you get indeed comes from that archive.
>
> SM> In terms of code, it's not implemented yet, AFAIK (IIRC Ted is working
> SM> on it).
>
> VERY slowly. I tried to get back to it, only to find out (see other
> thread under subject "bad epg.el+GPG2 behavior: unavoidable passphrase
> pinentry prompt") that GPG2 is practically unusable. Frustrating.

I don't see much relation between this and what Stefan is talking about
above. For signature verification, passphrase prompt shouldn't be used,
since it does not require any secret key operation. For signing with an
"archive" key, do you really want to do that with Emacs, instead of
other handy scripting languages?

> As I've mentioned in the past, I dislike relying on an external binary
> like GPG to do encryption so this is pushing me again towards a more
> built-in Lispy way to do signing of packages. Opinions welcome,
> especially if you can think of a way that Emacs can sign files in a
> similar way to GPG keys in Lisp.

I remember that you asked this in the past, and I answered that it might
make some sense as long as the code produces a signature in a
standardized format as GPG does. You then responded that you didn't
have enough knowledge to implement it. I don't think it is a
constructive attitude to repeat the same argument without any outcomes
and even omitting the background.

Regards,
--
Daiki Ueno
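
The scheme discussed in the message above (a detached signature stored beside each archive file, checked by a client that holds only the archive's public key) can be tried out with the following added example, which is not part of the original message or of package.el. It assumes GnuPG 2.1 or later is installed as `gpg`; the key identity, file names and throwaway keyring directories are constructed for the demonstration.

```shell
#!/bin/sh
# Added example with constructed data: the key identity and package file
# below are made up, and each keyring lives in a throwaway directory.
# Assumes GnuPG 2.1 or later is installed as "gpg".

G="gpg --batch --quiet --no-tty"

demo_archive_signature() {
    work=$(mktemp -d) || return 2
    mkdir -m 700 "$work/server" "$work/client" || return 2
    pkg="$work/demo-pkg-1.0.tar"
    printf 'constructed package contents\n' > "$pkg"

    # Archive side: generate an unprotected signing key, write a detached
    # signature beside the file, and export the public half only.
    $G --homedir "$work/server" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Archive <archive@example.invalid>' \
        ed25519 sign never 2>/dev/null || return 2
    $G --homedir "$work/server" --detach-sign --output "$pkg.sig" "$pkg" \
        || return 2
    $G --homedir "$work/server" --export > "$work/archive.pub" || return 2

    # Client side: import the public key; no secret key ever reaches it.
    $G --homedir "$work/client" --import "$work/archive.pub" 2>/dev/null \
        || return 2
    secrets=$($G --homedir "$work/client" --list-secret-keys --with-colons \
        2>/dev/null | grep -c '^sec' || true)

    # Verification uses the public key alone, so nothing prompts for a
    # passphrase. gpg exits 0 on a good signature.
    good=0
    $G --homedir "$work/client" --verify "$pkg.sig" "$pkg" 2>/dev/null \
        || good=$?

    # The same signature must be rejected once the file is modified.
    printf 'tampered\n' >> "$pkg"
    bad=0
    $G --homedir "$work/client" --verify "$pkg.sig" "$pkg" 2>/dev/null \
        || bad=$?

    # Stop the agents started for the throwaway keyrings and clean up.
    gpgconf --homedir "$work/server" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$work/client" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    [ "$secrets" -eq 0 ] && [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}
```

The function returns 0 only when the public-key-only client accepts the untouched file and rejects the modified one; a return of 2 means a setup step failed.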