5:35 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey there everyone.
I have just added the following packages to the 'Pre-Releases'
directory:
please test and let us know how they go
New Packages in Pre-Release:
===========================
edit-utils-1.92-pkg.tar.gz
igrep-1.09-pkg.tar.gz
psgml-1.31-pkg.tar.gz
Previously Announced Packages Still in Pre-Release:
==================================================
build-1.07-pkg.tar.gz
docbookide-0.05-pkg.tar.gz
ecrypto-0.11-pkg.tar.gz
eieio-1.03-pkg.tar.gz
ocaml-0.02-pkg.tar.gz
sasl-1.12-pkg.tar.gz
semantic-1.14-pkg.tar.gz
sieve-1.09-pkg.tar.gz
sml-mode-0.03-pkg.tar.gz
speedbar-1.24-pkg.tar.gz
tramp-1.07-pkg.tar.gz
Detailed Changes:
================
edit-utils-1.92-pkg.tar.gz
- --------------------------
2002-08-13 Rendhalver [Peter Brown] <rendhalver(a)xemacs.org>
* Makefile (VERSION): XEmacs package 1.92 released.
2002-08-08 Adrian Aichner <adrian(a)xemacs.org>
* mic-paren.el: Sync with
http://www.emacswiki.org/elisp/mic-paren.el version 3.7 plus typo
fixes of my own.
igrep-1.09-pkg.tar.gz
- ---------------------
2002-08-13 Rendhalver [Peter Brown] <rendhalver(a)xemacs.org>
* Makefile (VERSION): XEmacs package 1.09 released.
2002-08-12 Steve Youngs <youngs(a)xemacs.org>
* Sync to upstream version 2.95.
* Makefile (all): Build autoloads first.
(REQUIRES): Add efs.
(AUTHOR_VERSION): Bump to 2.95.
psgml-1.31-pkg.tar.gz
- ---------------------
2002-08-13 Rendhalver [Peter Brown] <rendhalver(a)xemacs.org>
* Makefile (VERSION): XEmacs package 1.31 released.
2002-08-13 Ville Skyttä <ville.skytta(a)xemacs.org>
* psgml.el (xml-mode): Workaround a problem with autoload
cookies and derived modes by autoloading a dummy autoload.
Installing These:
================
Manually:
- --------
1) Download the packages that you want to install from:
/ftp.xemacs.org:/pub/xemacs/beta/experimental/packages/
2) Unpack them to: [1]
/usr/local/lib/xemacs/xemacs-packages/
3) Re-start XEmacs.
Using XEmacs Package Tools (XEmacs 21.[245].x):
- ----------------------------------------------
1) Tools -> Packages -> Add Download Site -> Pre-Releases
2) Tools -> Packages -> List and Install
3) Select the packages you wish to install (there are brief
instructions at the bottom of the packages buffer).
4) Packages -> Install/Remove Selected
5) Re-start XEmacs.
Using XEmacs Package Tools (XEmacs 21.1.14):
- -------------------------------------------
1) Options -> Manage Packages -> Add Download Site -> Pre-Releases
2) Options -> Manage Packages -> List and Install
3 - 5) As per XEmacs 21.[245].x.
Footnotes:
[1] Note: Mule packages should be installed into:
/usr/local/lib/xemacs/mule-packages/
- --
XEmacs Advocate | Do not try the patience of Wizards,
FreeBSD Devote | for they are subtle and quick to anger.
Perl Hacker | - Elric (Technomage) , Babylon 5.
Apache God | <mailto:rendhalver at xemacs.org> <GnuPG KeyID: AE51D190>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: Signed by Rendhalver part of the XEmacs team.
iD8DBQE9WIxskNWo665R0ZARAnd4AJ9mZMgYgcs73v0X+TiBRBLIGGGY9QCeIrVu
mm1ksIsYwWHRD2AQpEBO8EU=
=cLZL
-----END PGP SIGNATURE-----
9:01 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
...
edit-utils-1.92-pkg.tar.gz
One idea which would allow security minded people to at least be able to
manually verify GPG signatures on packages would be to include an MD5
checksum of the packages in these signed announcements.
Hide the checksums at the bottom of the announcement perhaps?
10:35 p.m.
|--==> "SJ" == Simon Josefsson <jas(a)extundo.com> writes:
SJ> One idea which would allow security minded people to at least
SJ> be able to manually verify GPG signatures on packages would be
SJ> to include an MD5 checksum of the packages in these signed
SJ> announcements.
Hi Simon!
Are you aware that the packages are already verified against an MD5
checksum? The checksum is in the package-index file. PUI won't
install the package if it doesn't match.
And for people running XEmacs 21.5 [1] the package-index file is GnuPG
signed and you can optionally have PUI verify the signature.
To enable this:
(setq package-get-require-signed-base-updates t)
And it would probably be a good idea to use the following settings for
GnuPG (I don't know about any other PGP package):
,----[ ~/.gnupg/options ]
| keyserver-options auto-key-retrieve
| keyserver wwwkeys.pgp.net
`----
Footnotes:
[1] IMO this code should be in 21.4 as well, I'll cons up a patch for
you, Steve T
--
|---<Steve Youngs>---------------<GnuPG KeyID: 10D5C9C5>---|
| XEmacs - It's not just an editor. |
| It's a way of life. |
|------------------------------------<youngs(a)xemacs.org>---|
11:51 p.m.
Steve Youngs <youngs(a)xemacs.org> writes:
SJ> One idea which would allow security minded people to at
least
SJ> be able to manually verify GPG signatures on packages would be
SJ> to include an MD5 checksum of the packages in these signed
SJ> announcements.
Hi Simon!
Are you aware that the packages are already verified against an MD5
checksum? The checksum is in the package-index file. PUI won't
install the package if it doesn't match.
MD5 by itself doesn't prove much though. But combined with the
signature below, it is exactly what I wanted.
And for people running XEmacs 21.5 [1] the package-index file is
GnuPG
signed and you can optionally have PUI verify the signature.
To enable this:
(setq package-get-require-signed-base-updates t)
And it would probably be a good idea to use the following settings for
GnuPG (I don't know about any other PGP package):
Cool, I was not aware of this. So I guess the only thing left is to
have people to test that setting and then make it the default. :-)
Maybe I should reconsider running from CVS just so that I can test
this feature. Hm.
2:23 a.m.
>>>> "SY" == Steve Youngs
<youngs(a)xemacs.org> writes:
SY> Footnotes: [1] IMO this code should be in 21.4 as well, I'll
SY> cons up a patch for you, Steve T
Bletch. It needs doing, but I rejected this once before, you
remember.
OK, I'll go for it in principle, but I don't promise it will go into
21.4.9.
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
My nostalgia for Icon makes me forget about any of the bad things. I don't
have much nostalgia for Perl, so its faults I remember. Scott Gilbert c.l.py
4 a.m.
|--==> "SJT" == Stephen J Turnbull <stephen(a)xemacs.org> writes:
>>>>>"SY" == Steve Youngs
<youngs(a)xemacs.org> writes:
SY> Footnotes: [1] IMO this code should be in
21.4 as well, I'll
SY> cons up a patch for you, Steve T
SJT> Bletch. It needs doing, but I rejected this once before, you
SJT> remember.
I'd have to check my mail archives, but I remember it as: I said that
the PGP code wasn't ready for 21.4 (I believe that it is now).
I also ripped out the custom code from the package tools. Andy raised
some concerns about it and you wanted them resolved before it went
into 21.4. Well, I resolved them, told you, and have been waiting
patiently ever since. :-)
The big problem here is that quite often...
'cat /dev/random > /my/brain'
SJT> OK, I'll go for it in principle, but I don't promise it will go
SJT> into 21.4.9.
Cool, and I won't promise to have it ready by 21.4.9.
--
|---<Steve Youngs>---------------<GnuPG KeyID: 10D5C9C5>---|
| XEmacs - It's not just an editor. |
| It's a way of life. |
|------------------------------------<youngs(a)xemacs.org>---|
9:16 a.m.
>>>> "PB" == rendhalver
<rendhalver(a)xemacs.org> writes:
PB> Hey there everyone.
PB> I have just added the following packages to the 'Pre-Releases'
PB> directory:
PB> please test and let us know how they go
PB> New Packages in Pre-Release:
PB> ===========================
PB> edit-utils-1.92-pkg.tar.gz
PB> igrep-1.09-pkg.tar.gz
PB> psgml-1.31-pkg.tar.gz
All these installed fine:
12 lines matching ^\w+ package ` in buffer *Help: lossage*.
59:Added package `semantic'
119:Installing package `semantic' ...
210:Retrieving package `semantic-1.14-pkg.tar.gz' ...
211:Added package `psgml'
271:Installing package `psgml' ...
385:Retrieving package `psgml-1.31-pkg.tar.gz' ...
386:Added package `igrep'
451:Installing package `igrep' ...
461:Retrieving package `igrep-1.09-pkg.tar.gz' ...
462:Added package `edit-utils'
530:Installing package `edit-utils' ...
631:Retrieving package `edit-utils-1.92-pkg.tar.gz' ...
--
Adrian Aichner
mailto:adrian@xemacs.org
http://www.xemacs.org/
4:22 p.m.
>>>> "APA" == Adrian Aichner
<adrian(a)xemacs.org> writes:
>>>> "PB" == rendhalver
<rendhalver(a)xemacs.org> writes:
PB> Hey there everyone.
PB> I have just added the following packages to the 'Pre-Releases'
PB> directory:
PB> please test and let us know how they go
PB> New Packages in Pre-Release:
PB> ===========================
PB> edit-utils-1.92-pkg.tar.gz
PB> igrep-1.09-pkg.tar.gz
PB> psgml-1.31-pkg.tar.gz
APA> All these installed fine:
cool thanks for letting me know adrian
APA> 12 lines matching ^\w+ package ` in buffer *Help: lossage*.
APA> 59:Added package `semantic'
APA> 119:Installing package `semantic' ...
APA> 210:Retrieving package `semantic-1.14-pkg.tar.gz' ...
APA> 211:Added package `psgml'
APA> 271:Installing package `psgml' ...
APA> 385:Retrieving package `psgml-1.31-pkg.tar.gz' ...
APA> 386:Added package `igrep'
APA> 451:Installing package `igrep' ...
APA> 461:Retrieving package `igrep-1.09-pkg.tar.gz' ...
APA> 462:Added package `edit-utils'
APA> 530:Installing package `edit-utils' ...
APA> 631:Retrieving package `edit-utils-1.92-pkg.tar.gz' ...
--
XEmacs Advocate | Do not try the patience of Wizards,
FreeBSD Devote | for they are subtle and quick to anger.
Perl Hacker | - Elric (Technomage) , Babylon 5.
Apache God | <mailto:rendhalver at xemacs.org> <GnuPG KeyID: AE51D190>
8124
days inactive
8129
days old
7 comments
5 participants
participants (5)
-
Adrian Aichner -
Rendhalver [Peter Brown] -
Simon Josefsson -
Stephen J. Turnbull -
Steve Youngs