From mboxrd@z Thu Jan 1 00:00:00 1970 From: Konstantin Kliakhandler Subject: Why no secure code retrieval Date: Tue, 28 Jun 2016 15:10:54 +0300 Message-ID: Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a114243608c70ec05365588a4 Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50321) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bHrrK-0007NS-JG for emacs-orgmode@gnu.org; Tue, 28 Jun 2016 08:11:19 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bHrrI-0006VK-Ky for emacs-orgmode@gnu.org; Tue, 28 Jun 2016 08:11:17 -0400 Received: from mail-wm0-x234.google.com ([2a00:1450:400c:c09::234]:38691) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bHrrI-0006V9-Ae for emacs-orgmode@gnu.org; Tue, 28 Jun 2016 08:11:16 -0400 Received: by mail-wm0-x234.google.com with SMTP id r201so24668648wme.1 for ; Tue, 28 Jun 2016 05:11:15 -0700 (PDT) List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Sender: "Emacs-orgmode" To: emacs-orgmode@gnu.org --001a114243608c70ec05365588a4 Content-Type: text/plain; charset=UTF-8 Hello everyone, I have continually been perplexed by the (apparent) lack of ways to retrieve the code for org-mode in a secure fashion, but always thought that I just haven't tried hard enough. Today it dawned on me that there probably simply is no such way. I know that https can be a bit tedious to setup so I am not asking for it (though I do think it would be great if it was enabled on the site in some fashion). However, gpg signing release tag commits is dead simple and would take a total of maybe 10 minutes of work over the lifetime of the project (please correct me if I'm wrong). Given this, is there a reason this is not being done? And if there is no reason, would it be possible to begin doing it, going forward? Thanks in advance for the consideration, Kosta --001a114243608c70ec05365588a4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello everyone,

I have continually been perplexed by the (apparent) lack of ways to retr= ieve the code for org-mode in a secure fashion, but always thought that I j= ust haven't tried hard enough. Today it dawned on me that there probabl= y simply is no such way.

I know that https can be = a bit tedious to setup so I am not asking for it (though I do think it woul= d be great if it was enabled on the site in some fashion). However, gpg sig= ning release tag commits is dead simple and would take a total of maybe 10 = minutes of work over the lifetime of the project (please correct me if I= 9;m wrong). Given this, is there a reason this is not being done?

And if there is no reason, would it be possible to begin do= ing it, going forward?

Thanks in advance for the c= onsideration,
Kosta
--001a114243608c70ec05365588a4--