[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Daiki Ueno |
Subject: |
Re: ELPA security |
Date: |
Sat, 29 Jun 2013 01:15:17 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) |
Ted Zlatanov <address@hidden> writes:
> Would it be better to follow the steps here than to have a separate
> directory? Or maybe we should do a separate key ring AND an alternative
> directory?
I think using the separate directory only is a bit better here, because
of flexibility:
1. users could have separate preference for elpa keys, using gpg.conf or
trustdb.gpg in the directory
2. package.el could display which keys are changed/imported in the ring,
when the ring (on the web) is changed
It might look overkill to have a separate directory, but actually GPGME,
on which epg.el is modelled, only provides the directory option. Also
some tools follow this way (e.g. caff in Debian signing-party package).
Regards,
--
Daiki Ueno
- Re: ELPA security, (continued)
- Re: ELPA security, Ted Zlatanov, 2013/06/17
- Re: ELPA security, Ted Zlatanov, 2013/06/19
- Re: ELPA security, Stefan Monnier, 2013/06/19
- Re: ELPA security, Ted Zlatanov, 2013/06/23
- Re: ELPA security, Stefan Monnier, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28
- Re: ELPA security, Nic Ferrier, 2013/06/28
- Re: ELPA security, Daiki Ueno, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28
- Re: ELPA security,
Daiki Ueno <=