[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#17625: 24.4.50; All installed packages marked "unsigned", no archive
From: |
Glenn Morris |
Subject: |
bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed |
Date: |
Sat, 31 May 2014 17:28:16 -0400 |
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Stefan Monnier wrote:
> I guess we could move the archive-generation process to another machine,
I won't pretend to know what I'm talking about, but I think that's the
kind of thing you have to do if this is to have any real value.
And for an inherently-not-very-secure environment like Emacs, is it worth it?
> AFAIK we currently use http://elpa.gnu.org/packages/, so no SSL
> involved.
Right. Will it Just Work to change that to https?
> I don't enough about SSL certs to be sure whether it would provide
> comparable guarantees to signed packages.
I think SSL would verify that you are talking to the server that you
thought you were talking too, and that no-one had injected anything in
between you and it. Which is all that gpg-signed packages would do, if
the machine that hosts the packages also does the signing (AFAICS).
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Eric Abrahamsen, 2014/05/28
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/05/31
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/05/31
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/31
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed,
Glenn Morris <=
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/31
bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Achim Gratz, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Achim Gratz, 2014/05/30
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/05/30