emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA security


From: Achim Gratz
Subject: Re: ELPA security
Date: Tue, 08 Jan 2013 18:59:02 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2.91 (gnu/linux)

Stefan Monnier writes:
> Actually, I see a problem with this scheme, now that we also keep around
> older versions of the packages.  So maybe it's better to keep the
> signatures in a separate file, next to the signed file (e.g. have foo.tar
> and foo.tar.gpgsig).

Then maybe the file listed in the package vector should be the *.gpgsig
one, since otherwise it becomes easy to bypass the check by filtering
out any traces of the signature file.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs




reply via email to

[Prev in Thread] Current Thread [Next in Thread]