Re: [ANNOUNCE] Emacs 25.3 released

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANNOUNCE] Emacs 25.3 released

From:	Mike Gerwitz
Subject:	Re: [ANNOUNCE] Emacs 25.3 released
Date:	Wed, 13 Sep 2017 11:12:49 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Wed, Sep 13, 2017 at 11:42:05 +0300, Eli Zaretskii wrote:
> The full source is in the tarball, and the change was posted in advance.
> How can a Git branch increase the trust is beyond me.
>
> This certainly smells of NIH etc.

Also, the tarball was uploaded to ftp.gnu.org, and signed.  Uploading to
ftp.gnu.org itself requires the request to be signed with a GPG key
registered on Savannah.[0]  This level of security is greater and more
formal than repository commits/tags.

If someone's system were compromised to the point of being able to
successfully upload to ftp.gnu.org, chances are that they'll be able to
forge a commit to the repository as well.

[0]: 
https://www.gnu.org/prep/maintain/maintain.html#Distribution-on-ftp_002egnu_002eorg

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [ANNOUNCE] Emacs 25.3 released, (continued)
- Re: [ANNOUNCE] Emacs 25.3 released, Philippe Vaucher, 2017/09/12

Prev by Date: Re: [ANNOUNCE] Emacs 25.3 released
Next by Date: Re: line-pixel-height beyond eol
Previous by thread: Re: [ANNOUNCE] Emacs 25.3 released
Next by thread: Re: [ANNOUNCE] Emacs 25.3 released
Index(es):
- Date
- Thread