GNU bug report logs - #61277
FR: ELPA security - Restrict package builds to signed git commits

Package: emacs;

Reported by: Daniel Mendler <mail <at> daniel-mendler.de>

Date: Sat, 4 Feb 2023 18:20:02 UTC

Severity: wishlist

Tags: security


Message #29 received at 61277 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Ihor Radchenko <yantar92 <at> posteo.net>
Cc: mail <at> daniel-mendler.de, 61277 <at> debbugs.gnu.org, stefan <at> marxist.se,
 monnier <at> iro.umontreal.ca
Subject: Re: bug#61277: FR: ELPA security - Restrict package builds to signed
 git commits
Date: Sat, 11 Feb 2023 23:04:30 -0500
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > > I looked at that URL but I can't understand what it says.  I see
  > > several ways to parse "This was explicitly requested to be made into a
  > > bug ticket on emacs-devel" so I don't know what it means.  Can you
  > > state your point more explicitly and not tersely?

  > I meant that Daniel submitted this bug ticket after Stefan's message
  > stating that

  > >>>   I think we should add some flag to the build system saying that a
  > >>>   package should only be released if the new tag has a valid signature...
  > >>>
  > >>>   IMO, opening a feature request for this in the bug tracker would be
  > >>>   useful.  A patch would be even better.

Now I think I understand.

Thanks, Daniel.  That was a useful thing to do.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)






This bug report was last modified 1 year and 286 days ago.