Re: Problems with new semantic package

> |--==> "VS" == Ville Skytt <Ville> writes: > > VS> On Mon, 2002-08-12 at 09:30, Ovidiu Predescu wrote: >>> I was thinking what would be the best way to do this, to avoid > security issues as well. Is there an Xemacs way to cryptographically > sign files, which is independent on external packages like gpg or > pgp? Or should I rely instead on Java security? > > VS> Hmm, the mailcrypt package? But it needs pgp/gpg... is that a VS> > problem? xslt-process could always require mailcrypt in XEmacs. > > Hi Ovidiu! > > We've just added a new package to XEmacs called "ecrypto", this sounds > like something it could handle. It hasn't been released in the > mainline packages yet, but it is in Pre-Release. That package only contains low-level functions, I don't think you can digitally sign anything in a useful way using that code. I think this really must be designed into the package system itself -- packages should be signed, and the package installer should verify it against a XEmacs Release Manager certificate. This is how RPM do it. Mailcrypt has the required functionality though. And GPG or OpenSSL will be needed unless we want to implement OpenPGP/PKIX in elisp.