[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: is melpa just unsigned?
From: |
Michael Heerdegen |
Subject: |
Re: is melpa just unsigned? |
Date: |
Fri, 19 May 2023 02:02:59 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Samuel Wales <samologist@gmail.com> writes:
> as a debian user, i am used to all packages AND the package list being
> signed [i think]. i do not know all the security implications of not
> signing an archive list, but it sounds dodgy. in any case, the error
> should definitely not be there?
>
> if the archive contents file is not signed, what does htis mean in
> practice? what are the attack vectors?
If you get no answers here... since Melpa is not part of Emacs, maybe you
have more luck if you ask the Melpa people?
Michael.
- is melpa just unsigned?, Samuel Wales, 2023/05/18
- Re: is melpa just unsigned?,
Michael Heerdegen <=
- Re: is melpa just unsigned?, Emanuel Berg, 2023/05/21
- Re: is melpa just unsigned?, Michael Heerdegen, 2023/05/21
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/22
- Re: is melpa just unsigned?, Platon Pronko, 2023/05/22
- RE: [External] : Re: is melpa just unsigned?, Drew Adams, 2023/05/22
- Re: is melpa just unsigned?, Daniel Fleischer, 2023/05/23
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/26
- Re: is melpa just unsigned?, Björn Bidar, 2023/05/29