[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: is melpa just unsigned?
|
From: |
Emanuel Berg |
|
Subject: |
Re: is melpa just unsigned? |
|
Date: |
Sat, 20 May 2023 21:00:10 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
>> as a debian user, i am used to all packages AND the package
>> list being signed [i think].
Here are some 733 lines to read how they do it for Debian:
https://www.debian.org/doc/manuals/securing-debian-manual/deb-pack-sign.en.html
>> what are the attack vectors?
Malicious code inserted into the software supply chain *ka-boom*
> If you get no answers here... since Melpa is not part of
> Emacs, maybe you have more luck if you ask the Melpa people?
You mean they don't read here? :(
--
underground experts united
https://dataswamp.org/~incal
- is melpa just unsigned?, Samuel Wales, 2023/05/18
- Re: is melpa just unsigned?, Michael Heerdegen, 2023/05/18
- Re: is melpa just unsigned?,
Emanuel Berg <=
- Re: is melpa just unsigned?, Michael Heerdegen, 2023/05/21
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/22
- Re: is melpa just unsigned?, Platon Pronko, 2023/05/22
- RE: [External] : Re: is melpa just unsigned?, Drew Adams, 2023/05/22
- Re: is melpa just unsigned?, Daniel Fleischer, 2023/05/23
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/26
- Re: is melpa just unsigned?, Björn Bidar, 2023/05/29