bug#51038: 27.2; ELPA certificate not trusted on Windows

From: Ioannis Kappas
Subject: bug#51038: 27.2; ELPA certificate not trusted on Windows
Date: Thu, 28 Oct 2021 20:34:05 +0100

On Mon, Oct 25, 2021 at 6:18 PM Ioannis Kappas <ioannis.kappas@gmail.com> wrote:
> On Mon, Oct 25, 2021 at 12:48 PM Eli Zaretskii <eliz@gnu.org> wrote:
> >
> > > From: Ioannis Kappas <ioannis.kappas@gmail.com>
> > > Date: Sun, 24 Oct 2021 21:30:09 +0100
> > > Cc: john@rootabega.net, 51038@debbugs.gnu.org, emacs-hoffman@snkmail.com,
> > >       Lars Ingebrigtsen <larsi@gnus.org>
> > >
> > > If this is the official position, IMHO it should be clearly stated
> > > somewhere obvious (unless I missed it). Otherwise people old or new to
> > > emacs think these precompiled binaries are officially supported by the
> > > project maintainers and should work out of the box.
> >
> > You are reading too much into that text.  It doesn't say anywhere that
> > these binaries are "official", nor even that they are endorsed or
> > blessed by the project.  I don't think it's reasonable to expect us to
> > have a disclaimer near any binary distribution of Emacs saying it
> > isn't "official".  There are more sites out there which distribute
> > precompiled binaries of Emacs.
> I believe the perception for the majority of users new or old to Emacs
> is that these are the official binaries. As a random example, the
> Emacs Wiki @ https://www.emacswiki.org/emacs/MsWindowsInstallation
> reads (the *** are mine):
> """ Guidelines for installing Emacs on MS Windows
> To install the ***official*** stable binaries:

Hi again, here is some more evidence that these prebuilt binaries are
widely considered to be official GNU packages. They are picked up by
the two major MS-Windows package managers I am aware of, and thus
almost everyone is affected when something goes wrong:

Chocolatey: https://community.chocolatey.org/packages/Emacs

Scoop: https://github.com/ScoopInstaller/Extras/blob/master/bucket/emacs.json

(and what Eldev used as an installer in the GitHub action:

I would like to stress again that IMO it should be made clear
somewhere prominent that these precompiled binaries published on the
GNU ftp site are unofficial, unmaintained, unsupported binary
packages (as I believe is Eli's position) and people or processes
should not rely on them, but rather build their own packages from
source (which is a non-trivial task for many people and requires
access to MSYS2). I don't believe the package managers are wrong here
for picking up the binaries from the official GNU site. It is the
inherited belief that these are official supported binaries that is
the issue IMHO.

Sorry for bringing this up again, but I do believe this is a major
issue which requires addressing, affecting many people and processes
out there.


