Eli Zaretskii <address@hidden> writes:
> and we don't even know whether emacs-26 will be
> used for another "regular" release.
So, I'm thinking we should be aiming for another "regular" release
around September, when the GNU ELPA package signing key expires. After
that, people downloading Emacs 26.2 won't be able to install GNU ELPA
packages without either disabling signature checking, or manually
installing the new key.
https://debbugs.gnu.org/35414
https://elpa.gnu.org/packages/gnu-elpa-keyring-update.html
The signature checking has never worked anyway, though. Will having a newer
signature make a difference? If I rename my .emacs.d/ and run "emacs" (master),
then "M-x package-list", I get this:
Failed to verify signature archive-contents.sig:
Bad signature from 474F05837FBDEF9B GNU ELPA Signing Agent (2014) <
address@hidden>
Command output:
gpg: Signature made 05/14/19 10:10:03 GMT Summer Time
gpg: using DSA key CA442C00F91774F17F59D9B0474F05837FBDEF9B
gpg: BAD signature from "GNU ELPA Signing Agent (2014) <
address@hidden>" [unknown]