Re: [PATCH] package.el: check tarball signature

["Stephen J. Turnbull" <stephen@xemacs.org>]

Daiki Ueno writes:
 > Ted Zlatanov <tzz@lifelogs.com> writes:
 > 
 > > I can put up my current patch for review but I still have HMAC, maybe
 > > UMAC, and RSA+DSA+ECC crypto to finish.  The hashing methods and the
 > > ciphers in ECB, CBC, and CTR modes are done with tests.  Should I make a
 > > Bazaar branch for that work?  Is anyone interested in reviewing it?
 > 
 > Probably I should shut up, but...

Please don't.  You seem to be the only sane voice[1] in the crowd.
Not that I agree 100% with everything you've written, but at least you
have the security mindset.  Everybody else seems to think this is like
fixing any other bug.

 > Does that mean all the package signatures will be signed/verified with
 > your own "Emacs internal" signature format, and all the packagers will
 > need to use your tool and Emacs, instead of GPG, right?

He has suggested that, but AFAIK he doesn't insist on it.

Still, the whole idea worries me; there's no reason to suppose it will
increase security, and Ted never has seemed to grasp that security is
not a SMOP, nor that security is inherently inconvenient.  Quis
custodiat ipsos custodes?  Do you really want to put a possible fox in
charge of the security check at the henhouse door?

 > That is what I opposed again and again and suggested to use a standard
 > format.

+1


Footnotes: 
[1]  I don't understand security well enough to claim to be a sane
voice, but at least I know how little I know.