[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22089: installs packages with bad signatures

From: Glenn Morris
Subject: bug#22089: installs packages with bad signatures
Date: Thu, 03 Dec 2015 18:10:09 -0500
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Package: emacs
Version: 25.0.50
Severity: important

Emacs happily installs packages with bad gpg signatures.
This has been flagged by the test-suite and automated builds for the past
several weeks. (I feel like asking why we even have those things, for
all the attention they seem to get.)

This seems to be the first failure.

Here is the diff from the previous build, with several package changes:

Here's a standalone recipe in the emacs-25 branch:

cd test/automated
mkdir /tmp/foo
HOME=/tmp/foo ../../src/emacs -Q
(setq package-archives `(("gnu" . ,(expand-file-name "data/package/signed/"))))
(package-import-keyring "data/package/key.pub")
(package-install 'signed-bad)

M-x list-packages    ->  signed-bad installed

reply via email to

[Prev in Thread] Current Thread [Next in Thread]