GNU bug report logs - #61277
FR: ELPA security - Restrict package builds to signed git commits

Package: emacs

Reported by: Daniel Mendler <mail <at> daniel-mendler.de>

Date: Sat, 4 Feb 2023 18:20:02 UTC

Severity: wishlist

Tags: security


From: Richard Stallman <rms <at> gnu.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: mail <at> daniel-mendler.de, 61277 <at> debbugs.gnu.org, yantar92 <at> posteo.net, monnier <at> iro.umontreal.ca
Subject: bug#61277: FR: ELPA security - Restrict package builds to signed git commits
Date: Wed, 15 Feb 2023 00:17:14 -0500
[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > >   > In the case of a breach,
  > >
  > > Breach of precisely what?  To think about this issue
  > > requires an answer to that question.

  > The idea is that the likelihood of both an SSH and a PGP key getting
  > stolen at the same time is lower than either one of them getting stolen
  > separately.

That seems plausible to me, but we are miscommunicating.
You're discussing the "how" of a possible breach,
but what I really need to know is the "what".
What is being breached?  What is the context here?

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)






This bug report was last modified 1 year and 286 days ago.
