GNU bug report logs -
#17625
details of package signing mechanism
Previous Next
Reported by: Eric Abrahamsen <eric <at> ericabrahamsen.net>
Date: Thu, 29 May 2014 03:12:01 UTC
Severity: important
Tags: security
Found in version 24.4.50
Done: Stefan Monnier <monnier <at> iro.umontreal.ca>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On Tue, 30 Sep 2014 11:46:46 -0400 Stefan Monnier <monnier <at> iro.umontreal.ca> wrote:
>> I am, but looked in the trunk for this file. I didn't expect you'd put
>> the keyring only in the emacs-24 branch. Why keep it out of trunk?
>> Users there won't know to look in emacs-24.
SM> For those who haven't followed Emacs's development over the last
SM> 5 years: changes that should go into the release are made *only* to the
SM> release branch, which is then merged every once in a while into trunk.
On Tue, 30 Sep 2014 17:24:19 +0300 Eli Zaretskii <eliz <at> gnu.org> wrote:
EZ> Everything in the emacs-24 branch gets merged to the trunk shortly.
Thanks, Eli. Stefan, I have done what I can to keep up with Emacs
development over the last few years and AFAICR have always tracked and
committed to the trunk. I'll keep your note in mind for the future.
>> They have to attempt an install. That's why I suggested the "Verify" button.
SM> A verify button would only make sense if we exposed the "download" and
SM> the "install" as two separate steps, so the user could then "verify"
SM> between those two steps.
You're right.
Ted
This bug report was last modified 10 years and 237 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.