Re: security of the emacs package system, elpa, melpa and marmalade

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security of the emacs package system, elpa, melpa and marmalade

From:	Stephen J. Turnbull
Subject:	Re: security of the emacs package system, elpa, melpa and marmalade
Date:	Mon, 30 Sep 2013 23:50:57 +0900

Ted Zlatanov writes:

 > Hmm, looks like libnettle (brought in with GnuTLS) already provides most
 > of the infrastructure needed.  The question for me is, should I bother
 > with a full OpenPGP signature emulation,

No, don't just "emulate" it, implement the protocol accurately.

 > or is it sufficient to implement RSA/DSA/EC-based signatures for
 > Emacs internal use only?

No.  In security, multiple implementations are a very good thing as
long as they're used to cross-check correct implementation of a
protocol and don't define their own protocols.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: security of the emacs package system, elpa, melpa and marmalade, (continued)

Prev by Date: Re: security of the emacs package system, elpa, melpa and marmalade
Next by Date: RE: Changes in revision 114466
Previous by thread: Re: security of the emacs package system, elpa, melpa and marmalade
Next by thread: Re: security of the emacs package system, elpa, melpa and marmalade
Index(es):
- Date
- Thread