[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security issues in Emacs packages
From: |
Greg Minshall |
Subject: |
Re: Security issues in Emacs packages |
Date: |
Thu, 26 Nov 2020 08:29:02 +0300 |
Tim,
> I think you missed my point. There is no benefit in MELPA adopting
> signed packages because there is no formal code review and no vetting
> of the individuals who submit the code.
it occurs to me there might be one benefit: if George, whom you trust,
says, "I've been running version 1.2.3 of package xYandZ from MELPA and
i have a lot of confidence in it", then if you find that version of that
package with a trusted MELPA signature, you maybe know that you and
George are running the same software. i.e., it helps with the "web of
trust" (if people still talk of that).
(so, the requirement for this is not audited packages, but a solid,
"secure", release procedure by MELPA.)
cheers, Greg
- Re: One vs many directories, (continued)
- Re: One vs many directories, Tim Cross, 2020/11/25
- Security issues in Emacs packages, Jean Louis, 2020/11/25
- Re: Security issues in Emacs packages, tomas, 2020/11/25
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/25
- Re: Security issues in Emacs packages, tomas, 2020/11/25
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/25
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/25
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/25
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/26
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/26
- Re: Security issues in Emacs packages,
Greg Minshall <=
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/26
- Re: Security issues in Emacs packages, Greg Minshall, 2020/11/26
- Re: Security issues in Emacs packages, Tim Cross, 2020/11/26
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/26
- Re: Security issues in Emacs packages, Greg Minshall, 2020/11/26
- Re: Security issues in Emacs packages, Jean Louis, 2020/11/26
- Re: One vs many directories, Jean Louis, 2020/11/24
- Re: One vs many directories, Jean Louis, 2020/11/24
- Re: One vs many directories, Tim Cross, 2020/11/25
- Local variables insecurities - Re: One vs many directories, Jean Louis, 2020/11/25