[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Stephen J. Turnbull |
Subject: |
Re: ELPA security |
Date: |
Mon, 17 Jun 2013 10:56:28 +0900 |
Stefan Monnier writes:
> And maybe automatically eliminate an archive from that "not signed"
> list if we ever find a signature in it.
If this is about security rather than adding to your BrightShinyThings
collection, you should have a signed-and-verified-and-checked-for-
expired-or-revoked-on-$DATE list, and eliminate any packages from the
list if they fail any of the hyphenated conditions.
And of course you probably want $DATE to change frequently.
And the list should be signed....
- Re: ELPA security, Ted Zlatanov, 2013/06/16
- Re: ELPA security, Ted Zlatanov, 2013/06/17
- Re: ELPA security, Ted Zlatanov, 2013/06/19
- Re: ELPA security, Stefan Monnier, 2013/06/19
- Re: ELPA security, Ted Zlatanov, 2013/06/23
- Re: ELPA security, Stefan Monnier, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28