From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: package.el + DVCS for security and convenience
Date: Mon, 31 Dec 2012 17:50:07 -0500 [thread overview]
Message-ID: <87txr1zvj4.fsf@lifelogs.com> (raw)
In-Reply-To: 87ip7ing01.fsf@enigma.home.hagelb.org
On Mon, 31 Dec 2012 12:06:22 -0800 Phil Hagelberg <phil@hagelb.org> wrote:
PH> I don't see any benefit to using version control tools on the client
PH> side. It may make sense to use them to build the repository, but having
PH> the repository consist simply of a pile of static files on disk is a
PH> very valuable property that we shouldn't give up lightly.
I proposed some benefits in my followup to Nic Ferrier and before. But
it seems that the consensus from you, him, and Tom is to avoid the DVCS
integration, so I'll drop the proposal. Unless my eloquence has
convinced you all in the meanwhile :)
PH> Adding SSL to the existing implementation would be fairly easy and has
PH> no downsides, so it should be done soon; it's low-hanging fruit that can
PH> be improved quicker than adding signatures.
I worry it will lower the incentive to do the signature work, and SSL is
known to be compromised at many levels.
PH> I would just like to add that I consider writing an OpenPGP
PH> implementation in Emacs to be a very bad idea--we simply do not have the
PH> resources to get the auditing that would be necessary to get this to a
PH> level of quality that we could trust. Using GnuPG would be both quicker
PH> to implement and result in much higher-quality code. If there are
PH> concerns that people may not use it because it's difficult to install
PH> then our efforts would be better spent on making it easier to
PH> install.
OK. Stefan asked for GnuPG as well, so an OpenPGP implementation is not
happening anytime soon.
PH> I'm very glad to see movement on this front though--the current state of
PH> affairs is an improvement over everyone pulling packages in from the
PH> wiki but still has a long way to go before it's something properly
PH> trustworthy.
Your opinions and expertise are greatly appreciated (and also Tom, Nic,
Stefan, Stephen, and everyone else who has contributed to the threads).
Ted
next prev parent reply other threads:[~2012-12-31 22:50 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-09 14:41 ELPA security George Kadianakis
2012-12-09 21:00 ` Nic Ferrier
2012-12-21 14:32 ` Ted Zlatanov
2012-12-21 22:12 ` Xue Fuqiao
2012-12-22 5:07 ` Bastien
2012-12-22 6:17 ` Xue Fuqiao
2012-12-22 12:34 ` Stephen J. Turnbull
2012-12-22 13:03 ` Bastien
2012-12-22 13:24 ` Bastien
2012-12-22 19:37 ` package.el + DVCS for security and convenience (was: ELPA security) Ted Zlatanov
2012-12-24 12:53 ` package.el + DVCS for security and convenience Nic Ferrier
2012-12-24 12:55 ` Bastien
2012-12-24 13:38 ` Ted Zlatanov
2012-12-24 13:39 ` Xue Fuqiao
2012-12-24 16:17 ` Stefan Monnier
2012-12-24 17:46 ` Ted Zlatanov
2012-12-25 1:03 ` Stephen J. Turnbull
2012-12-26 14:22 ` Ted Zlatanov
2012-12-27 3:06 ` Stephen J. Turnbull
2012-12-27 8:56 ` Xue Fuqiao
2012-12-31 11:18 ` Ted Zlatanov
2012-12-31 12:32 ` Stephen J. Turnbull
2012-12-31 13:50 ` Ted Zlatanov
2012-12-31 16:47 ` Stephen J. Turnbull
2012-12-31 21:41 ` Ted Zlatanov
2012-12-29 6:19 ` Stefan Monnier
2012-12-31 11:22 ` Ted Zlatanov
2013-01-03 16:41 ` Stefan Monnier
2013-01-04 16:05 ` Ted Zlatanov
2013-01-04 18:11 ` Stefan Monnier
2013-01-04 19:06 ` Ted Zlatanov
2013-01-05 3:25 ` Stephen J. Turnbull
2013-01-06 19:20 ` Ted Zlatanov
2013-01-07 2:03 ` Stephen J. Turnbull
2013-01-07 14:47 ` Ted Zlatanov
2013-01-08 1:44 ` Stephen J. Turnbull
2013-01-08 15:15 ` Ted Zlatanov
2013-01-08 17:53 ` Stephen J. Turnbull
2013-01-08 18:46 ` Ted Zlatanov
2013-01-08 21:20 ` Stefan Monnier
2013-01-09 2:37 ` Stephen J. Turnbull
2013-01-08 2:20 ` Stephen J. Turnbull
2013-01-08 14:05 ` Xue Fuqiao
2013-01-04 22:21 ` Xue Fuqiao
2012-12-31 20:06 ` Re:package.el + DVCS for security and convenience (was: ELPA security) Phil Hagelberg
2012-12-31 22:50 ` Ted Zlatanov [this message]
2012-12-22 16:20 ` ELPA security Stefan Monnier
2012-12-26 17:32 ` Paul Nathan
2012-12-31 11:50 ` Ted Zlatanov
2012-12-31 12:34 ` Stephen J. Turnbull
2012-12-31 13:39 ` Package signing infrastructure suggestion (was Re: ELPA security) Nic Ferrier
2012-12-31 22:32 ` Ted Zlatanov
2012-12-31 23:01 ` Xue Fuqiao
2012-12-31 19:48 ` ELPA security Tom Tromey
2012-12-31 19:57 ` Drew Adams
2012-12-31 22:19 ` Ted Zlatanov
2012-12-31 22:15 ` Ted Zlatanov
2013-01-05 16:46 ` Achim Gratz
2013-01-06 19:12 ` Ted Zlatanov
2013-01-07 5:32 ` Paul Nathan
2013-01-07 5:47 ` Jambunathan K
2013-01-07 5:53 ` Paul Nathan
2013-01-07 6:09 ` Jambunathan K
2013-01-07 6:20 ` Paul Nathan
2013-01-07 7:12 ` Stephen J. Turnbull
2013-01-07 7:18 ` chad
2013-01-07 14:34 ` Ted Zlatanov
2013-01-07 6:57 ` Stephen J. Turnbull
2013-01-07 14:35 ` Ted Zlatanov
2013-01-07 15:01 ` Ted Zlatanov
2013-01-08 3:07 ` Stefan Monnier
2013-01-08 14:47 ` Ted Zlatanov
2013-01-08 16:57 ` Stefan Monnier
2013-01-08 17:30 ` Ted Zlatanov
2013-01-08 20:50 ` Stefan Monnier
2013-01-08 21:30 ` Ted Zlatanov
2013-01-08 22:46 ` Stefan Monnier
2013-01-08 23:30 ` Ted Zlatanov
2013-03-12 18:29 ` Ted Zlatanov
2013-01-08 17:00 ` Stefan Monnier
2013-01-08 17:59 ` Achim Gratz
2013-01-08 18:37 ` Ted Zlatanov
2013-01-08 20:59 ` Stefan Monnier
2013-06-16 11:18 ` Ted Zlatanov
2013-06-16 23:12 ` Stefan Monnier
2013-06-17 1:56 ` Stephen J. Turnbull
2013-06-17 7:23 ` Ted Zlatanov
2013-06-17 15:54 ` Stephen J. Turnbull
2013-06-28 15:34 ` Ted Zlatanov
2013-06-17 14:34 ` Stefan Monnier
2013-06-17 7:20 ` Ted Zlatanov
2013-06-19 5:02 ` Ted Zlatanov
2013-06-19 12:38 ` Stefan Monnier
2013-06-23 11:58 ` Ted Zlatanov
2013-06-23 16:41 ` Stefan Monnier
2013-06-28 15:47 ` Ted Zlatanov
2013-06-28 16:28 ` Nic Ferrier
2013-06-28 22:49 ` Stefan Monnier
2013-06-24 3:44 ` Daiki Ueno
2013-06-28 15:32 ` Ted Zlatanov
2013-06-28 16:15 ` Daiki Ueno
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87txr1zvj4.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.