>>>> "Pete" == Pete Ware <ware(a)cis.ohio-state.edu> writes:

Pete> When I originally wrote the code, one thing I was concerned
Pete> about was XEmacs being easily exploited for trojan horse
Pete> attacks.

Good. I disagree with Greg Klandermann here; you need to cater to the
_most_ paranoid among us, not the _least_.

Pete> I pictured two distribution methods for package-get-base.el.
Pete> It either gets sent with the entire distribution (which is
Pete> signed). If that is corrupted, well you have bigger
Pete> problems anyway. The second was a periodic posting to a
Pete> newsgroup/mailing list.

This just isn't going to work. Packages are updated asynchronously; I
would use a signature verifier if it can be done conveniently, but if
I have to coordinate with another source for a signed
package-get-base.el, I would defeat it or not use package-get.

Pete> Presumably, such an article would be PGP signed and could be
Pete> verified as being from the poster.

What's wrong with PGP signing package-get-base.el and updates
themselves? I don't know much about the signature implementation, but
even if the signature can't be packed into a Lisp comment or a
separate file, a function which reads package-get-base.el into a
buffer, executes PGP (if available and requested) to verify the
signature, and trims the signature should be trivial, shouldn't it?
Having such a function would also encourage use of the PGP signature;
even people with PGP installed might not be willing to go to the
trouble to verify if they had to do it by hand or configure it
themselves.
--
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences Tel/fax: +1 (298) 53-5091
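
Added example, not part of the original message and not XEmacs code: a sketch of the read, verify, trim function proposed above, written in Python. It fails closed on any text outside the signed region, since that text is not covered by the signature. The function names, the use of `gpg` in place of the PGP binary, and a keyring holding only the maintainers' keys are assumptions.

```python
import subprocess

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample: the armor layout is real, the signature data is a placeholder.
SAMPLE = "\n".join([
    BEGIN_MSG, "Hash: SHA256", "",
    ";; package-get-base.el (constructed contents)",
    "- --- a line that began with a dash is dash-escaped",
    BEGIN_SIG, "", "PLACEHOLDER", END_SIG, ""])


def trim_clearsigned(text):
    """Return only the signed body of a clearsigned file, or raise ValueError."""
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN_MSG or lines[-1] != END_SIG:
        raise ValueError("unsigned text outside the PGP armor")
    if lines.count(BEGIN_MSG) != 1 or lines.count(BEGIN_SIG) != 1:
        raise ValueError("expected exactly one signed block")
    blank = lines.index("")          # blank line that ends the armor headers
    sig = lines.index(BEGIN_SIG)
    if blank > sig or any(not h.startswith("Hash: ") for h in lines[1:blank]):
        raise ValueError("malformed armor headers")
    # Undo dash-escaping: signed lines that began with "-" carry a "- " prefix.
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    return "\n".join(body) + "\n"


def verify_and_trim(path, keyring):
    """Read the file once, verify those exact bytes with gpg, then trim them."""
    with open(path, "rb") as f:
        data = f.read()
    # Assumption: gpg is on PATH and `keyring` holds only the maintainers' keys.
    gpg = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring, "--verify"],
        input=data, capture_output=True)
    if gpg.returncode != 0:
        raise ValueError("signature verification failed")
    return trim_clearsigned(data.decode("utf-8"))
```

Only the string returned by `verify_and_trim` should reach the Lisp reader; the file is read once so the bytes that are verified are the bytes that are trimmed.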