[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: is melpa just unsigned?
|
From: |
Daniel Fleischer |
|
Subject: |
Re: is melpa just unsigned? |
|
Date: |
Tue, 23 May 2023 20:47:49 +0300 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Samuel Wales [2023-05-22 Mon 19:53] wrote:
> of course i am aware signing is only part of ensuring security,
> and melpa does curating, and authors or computers could turn evil, but
> where there is a chain that reliably goes back to an author from the
> code you dled, it's a pretty good feeling.
Not a security expert but signing helps with downloading files from
questionable hosting (usually you download the signature from the same
website, thus you solve nothing). You can skip the middleman melpa.org
and install packages directly from their respective forges, e.g. github,
gitlab, sourcehut using either something like quelpa or built-in
package-vc-install.
--
Daniel Fleischer
- is melpa just unsigned?, Samuel Wales, 2023/05/18
- Re: is melpa just unsigned?, Michael Heerdegen, 2023/05/18
- Re: is melpa just unsigned?, Emanuel Berg, 2023/05/21
- Re: is melpa just unsigned?, Michael Heerdegen, 2023/05/21
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/22
- Re: is melpa just unsigned?, Platon Pronko, 2023/05/22
- RE: [External] : Re: is melpa just unsigned?, Drew Adams, 2023/05/22
- Re: is melpa just unsigned?,
Daniel Fleischer <=
- Re: is melpa just unsigned?, Samuel Wales, 2023/05/26
- Re: is melpa just unsigned?, Björn Bidar, 2023/05/29