From: "Stephen J. Turnbull"
To: Daiki Ueno
Cc: emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] package.el: check tarball signature
Date: Sat, 05 Oct 2013 14:40:46 +0900
Message-ID: <87zjqol1gh.fsf@uwakimon.sk.tsukuba.ac.jp>

Daiki Ueno writes:

> Ted Zlatanov writes:
>
> > I can put up my current patch for review but I still have HMAC, maybe
> > UMAC, and RSA+DSA+ECC crypto to finish. The hashing methods and the
> > ciphers in ECB, CBC, and CTR modes are done with tests. Should I make a
> > Bazaar branch for that work? Is anyone interested in reviewing it?
>
> Probably I should shut up, but...

Please don't. You seem to be the only sane voice[1] in the crowd.
Not that I agree 100% with everything you've written, but at least
you have the security mindset. Everybody else seems to think this is
like fixing any other bug.

> Does that mean all the package signatures will be signed/verified with
> your own "Emacs internal" signature format, and all the packagers will
> need to use your tool and Emacs, instead of GPG, right?

He has suggested that, but AFAIK he doesn't insist on it. Still, the
whole idea worries me; there's no reason to suppose it will increase
security, and Ted never has seemed to grasp that security is not a
SMOP, nor that security is inherently inconvenient. Quis custodiat
ipsos custodes? Do you really want to put a possible fox in charge
of the security check at the henhouse door?

> That is what I opposed again and again and suggested to use a standard
> format.

+1

Footnotes:
[1] I don't understand security well enough to claim to be a sane
voice, but at least I know how little I know.