Re: Problems with new semantic package
|--==> "VS" == Ville Skytt <Ville> writes:
VS> On Mon, 2002-08-12 at 09:30, Ovidiu Predescu wrote:
>>I was thinking what would be the best way to do this, to avoid
security issues as well. Is there an Xemacs way to cryptographically
sign files, which is independent on external packages like gpg or
pgp? Or should I rely instead on Java security?
VS> Hmm, the mailcrypt package? But it needs pgp/gpg... is that a VS>
problem? xslt-process could always require mailcrypt in XEmacs.
Hi Ovidiu!
We've just added a new package to XEmacs called "ecrypto", this sounds
like something it could handle. It hasn't been released in the
mainline packages yet, but it is in Pre-Release.
That package only contains low-level functions, I don't think you can
digitally sign anything in a useful way using that code. I think this
really must be designed into the package system itself -- packages should
be signed, and the package installer should verify it against a XEmacs
Release Manager certificate. This is how RPM do it.
Mailcrypt has the required functionality though. And GPG or OpenSSL will
be needed unless we want to implement OpenPGP/PKIX in elisp.