From: Richard Stallman
Newsgroups: gmane.emacs.devel
Subject: Signing local variable lists.
Date: Thu, 08 Apr 2004 10:57:46 -0400
Reply-To: rms@gnu.org

To: rms@gnu.org
Subject: Re: Is this a bad idea?
From: Hugo Gayosso
Organization: The GNU Project
Date: 07 Apr 2004 21:30:06 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Since you have some understanding of security issues,
> what do you think of this suggestion?

>> Ok, I have had an idea which might be stupid or not. And it might
>> also have political implications which I am too stupid to see. I just
>> want to put it out.

Ok, I will answer putting any "political implications" aside as I
don't understand exactly what he meant by that.

> How about the following then?
>
> ;;; Local variables:
> ;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
> ;;; end:
> ;;; gpg-signed: iD8DBQFAbwnJBo350SLJfmgRAhf9AKCFvutpMNxc4oGK/vh2fdVV0MT/dgCeJn66
> ;;; Qc8BXtn2zlGbofY2YMLIAg8=
> ;;; =s5sr
>
> Something like that. I would then customize a variable that tells
> whose signatures I trust enough not to get the stupid question again
> and again.

I think it is OK.

* User A attaches the signature to the block.

This part needs to be worked out exactly which format, the way I did
it in Emacs was via 'mc-sign' and it generated the following:

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

;;; Local variables:
;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
;;; end:
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKlzMNObVRBZveYRAu5JAJ9y+5wq23ikydU0HzrQ9wiJfYW0YQCeNxl0
xX90PViGg/sfK+YxBZ/roVg=
=HShG
- -----END PGP SIGNATURE-----

> Obviously, this also makes it possible for me to look at the local
> variable block once, decide that it is good enough for me, and sign
> it.

I could think of another scheme where the same block can be signed by
different people at the same time, so in theory the more signatures it
has, the more trust you can have that it is the real thing.

The signatures could be stored in the same file, or we could have a
special directory where you store signatures and a table that shows to
which file they belong.

> Any change in local variables will render the signature invalid, of
> course.

I agree.

Hope it helps,
- --
Hugo Gayosso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAdKsdMNObVRBZveYRAochAJ0c8ZltlFw9TpFwZFyxP/qGHmddkgCfaLgm
2oSdu2V02mMrGALMe4H0aMw=
=rrej
-----END PGP SIGNATURE-----
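
The following Python example is added here and is not code from this thread or from Emacs. It reads the "gpg-signed:" layout quoted in the message, rebuilds the detached signature, and accepts the block only when gpg verifies it and the signer is on a user-supplied list. Assumptions: the function names, the fingerprint allow-list, a gpg binary on PATH, and the choice of signed bytes (the block lines verbatim, LF-terminated), which the thread leaves open.

```python
import os, re, subprocess, tempfile

def split_block(text):
    """Return (signed_payload, armored_signature); each is None when absent."""
    lines = text.splitlines()
    hits = [(i, m.group(1)) for i, l in enumerate(lines)
            if (m := re.match(r"(.*?)Local variables:\s*$", l, re.I))]
    if not hits:
        return None, None
    start, prefix = hits[-1]              # last block in the file; prefix is e.g. ";;; "
    block, sig, state = [], [], "block"
    for line in lines[start:]:
        body = line[len(prefix):].strip()
        if not line.startswith(prefix):
            break
        if state == "block":
            block.append(line)
            state = "after-end" if body.lower() == "end:" else "block"
        elif state == "after-end" and body.startswith("gpg-signed:"):
            sig, state = [body[len("gpg-signed:"):].strip()], "sig"
        elif state == "sig" and body and not sig[-1].startswith("="):
            sig.append(body)              # continuation lines, up to the "=xxxx" checksum
        else:
            break
    if state == "block":                  # no "end:" line, so there is no complete block
        return None, None
    # Assumption: the signed bytes are the block lines verbatim, each LF-terminated.
    payload = "".join(l + "\n" for l in block)
    armor = "-----BEGIN PGP SIGNATURE-----\n\n%s\n-----END PGP SIGNATURE-----\n"
    return payload, (armor % "\n".join(sig) if sig else None)

def valid_signers(status):
    """Fingerprints of the signing keys, taken from gpg's VALIDSIG status lines."""
    return {l.split()[2] for l in status.splitlines() if l.startswith("[GNUPG:] VALIDSIG ")}

def block_is_trusted(text, trusted_fprs):
    """True only if gpg verifies the block's signature and the signer is on the user's list."""
    payload, armored = split_block(text)
    if not payload or not armored:
        return False                      # unsigned or malformed: caller asks the user as usual
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("block.asc", "block")]
        for path, content in zip(paths, (armored, payload)):
            with open(path, "w", encoding="utf-8", newline="\n") as f:
                f.write(content)
        try:
            r = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify", *paths],
                               capture_output=True, text=True)
        except OSError:                   # gpg not installed: fail closed
            return False
    return r.returncode == 0 and bool(valid_signers(r.stdout) & set(trusted_fprs))
```

Because the payload is the block text itself, editing any line between "Local variables:" and "end:" changes the bytes handed to gpg, so the stored signature no longer verifies and the function returns False.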