Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org

From:	ng0
Subject:	Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org
Date:	Thu, 08 Sep 2016 23:27:56 +0000

Hi,

can someone else comment on this thread? I've listed part of my reasons,
not all, my position should be clear.

ng0 <address@hidden> writes:

> ng0 <address@hidden> writes:
>
>> Alex Kost <address@hidden> writes:
>>
>>> ng0 (2016-08-27 17:20 +0300) wrote:
>>>
>>>> From d2dfd0fcc34f5cdcb9d181093cffd5af16be6641 Mon Sep 17 00:00:00 2001
>>>> From: ng0 <address@hidden>
>>>> Date: Sat, 27 Aug 2016 13:33:31 +0000
>>>> Subject: [PATCH 1/4] gnu: emacs: Use https for elpa.gnu.org.
>>>>
>>>> * gnu/packages/emacs.scm: Use 'https' for all elpa.gnu.org urls.
>>>> ---
>>>>  gnu/packages/emacs.scm | 24 ++++++++++++------------
>>>>  1 file changed, 12 insertions(+), 12 deletions(-)
>>>>
>>>>
>>>> diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
>>>> index 4fe9a8a..d1d8af0 100644
>>>> --- a/gnu/packages/emacs.scm
>>>> +++ b/gnu/packages/emacs.scm
>>>> @@ -652,7 +652,7 @@ programs.")
>>>>      (version "1.0.4")
>>>>      (source (origin
>>>>                (method url-fetch)
>>>> -              (uri (string-append 
>>>> "http://elpa.gnu.org/packages/let-alist-";
>>>> +              (uri (string-append 
>>>> "https://elpa.gnu.org/packages/let-alist-";
>>>>                                    version ".el"))
>>>
>>> FYI 'let-alist' was added by Ludovic, and I think using "http" was
>>> intentional.  I asked once about "https" vs. "http", and I'm not sure
>>> whether these http→https changes are desired:
>>>
>>> http://lists.gnu.org/archive/html/guix-devel/2015-07/msg00378.html
>>
>> I share this position although it is a very short statement for a
>> complex topic. Using tls in combination with for example the extension
>> certificate patrol for firefox based browsers helps to control
>> certificates and catch bad ones.
>>
>> Does hydra pull packages via tor? Is our default tor? No. As long as we
>> have no alternative, like the one I work towards to, we should use the
>> minimal bit of authenticity tls can provide.
>
> Adding to this: in some countries, using tor is dangerous, illegal and
> the opposition can face severe sentences by the government in charge of
> the country. It makes more sense to use tls, even when it is broken,
> than to say 'just use tor'. We add security on top of that through hash
> and checksums, but having a default of tls is safer in my opinion, for
> the moment.
> -- 
> ng0
> For non-prism friendly talk find me on http://www.psyced.org
>

-- 
ng0
For non-prism friendly talk find me on http://www.psyced.org

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org, ng0 <=
- Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org, Alex Kost, 2016/09/09
  - Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org, Alex Kost, 2016/09/12
    - Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org, Ludovic Courtès, 2016/09/13

Prev by Date: Re: [PATCH 07/43] gnu: Add ghc-haskeline.
Next by Date: Re: [PATCH]: opensmtpd, opensmtpd-extras, libasr.
Previous by thread: [PATCH] gnu: Add threadingbuildingblocks.
Next by thread: Re: [PATCH] gnu: emacs: Use https for elpa.gnu.org
Index(es):
- Date
- Thread