>>>> "Ovidiu" == Ovidiu Predescu <ovidiu(a)xemacs.org> writes:

Ovidiu> I think XEmacs needs to have cryptographically signed
Ovidiu> packages by default on its main site. Right now we don't
Ovidiu> do any check to verify the authenticity of the packages,

We have MD5 checksums available; MD5 failures are the most common
single package bug. This could easily (I think) be upgraded to
individual GPG signatures, and Steve did sign the checksum list.

Ovidiu> and a malicious hacker might easily change the packages.

Hell, Ovidiu, we don't know whether _you_ are a white hat or a black
hat. Or me, for that matter. (Dennis Ritchie is a confessed white
hat.) There are easier ways to suborn the packages than breaking
security on Tux or the maintainers' personal machines.

IMHO if someone worries enough about security that they worry about
XEmacs Lisp packages, they should not have an Emacs of any flavor
installed at all. We take some care with shells and things like that
to prevent echoing of passwords, but I regularly get cleartext when I
upgrade ssh or fiddle with my password prompt regexp. Other than that
simple service to users, Emacs is a security hole waiting to happen.
Hell, we've at least suggested massive security violations ourselves
(Steve Y once suggested automatically including init.el and custom.el
in the automatic bug report, for example). We do include the last 300
keystrokes automatically. Etc, etc.

That said, I don't disagree with signing the packages. But we should
make absolutely clear that this is a consistency check, not a serious
security measure.

--
Institute of Policy and Planning Sciences
http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
My nostalgia for Icon makes me forget about any of the bad things. I don't
have much nostalgia for Perl, so its faults I remember. Scott Gilbert c.l.py