GNU bug report logs - #61277
FR: ELPA security - Restrict package builds to signed git commits

Previous Next

Full log

View this message in rfc822 format

From: Ihor Radchenko <yantar92 <at> posteo.net>
To: rms <at> gnu.org
Cc: mail <at> daniel-mendler.de, 61277 <at> debbugs.gnu.org, stefan <at> marxist.se, monnier <at> iro.umontreal.ca
Subject: bug#61277: FR: ELPA security - Restrict package builds to signed git commits
Date: Thu, 09 Feb 2023 12:07:32 +0000

Richard Stallman <rms <at> gnu.org> writes:

>   > This was explicitly requested to be made into a bug ticket on
>   > emacs-devel. See
>   > https://yhetil.org/emacs-devel/CADwFkmkx3J=LvWT1upGMBaC3MRuyuxmAOB4ghRpYu-BCuX3sSg <at> mail.gmail.com
>
> I looked at that URL but I can't understand what it says.  I see
> several ways to parse "This was explicitly requested to be made into a
> bug ticket on emacs-devel" so I don't know what it means.  Can you
> state your point more explicitly and not tersely?

I meant that Daniel submitted this bug ticket after Stefan's message
stating that

>>>   I think we should add some flag to the build system saying that a
>>>   package should only be released if the new tag has a valid signature...
>>>
>>>   IMO, opening a feature request for this in the bug tracker would be
>>>   useful.  A patch would be even better.

The emacs-devel discussion that includes the topic of this FR has been
started earlier in the thread I linked to. So, there is no need to move
this FR to emacs-devel - it is already being discussed there.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.