unofficial mirror of bug-gnu-emacs@gnu.org 
From: Ted Zlatanov <tzz@lifelogs.com>
To: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: Daiki Ueno <ueno@gnu.org>, 17625@debbugs.gnu.org
Subject: bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed
Date: Thu, 26 Jun 2014 20:52:41 -0400
Message-ID: <87egyb9ns6.fsf@lifelogs.com>
In-Reply-To: <jwva98zqwuf.fsf-monnier+emacsbugs@gnu.org> (Stefan Monnier's message of "Thu, 26 Jun 2014 15:51:25 -0400")

On Thu, 26 Jun 2014 15:51:25 -0400 Stefan Monnier <monnier@iro.umontreal.ca> wrote: 

SM> Whereas the feature you're discussing seems to be to indicate which
SM> candidates for installation have a signature available for checking
SM> (this is not implemented, AFAICT).
>> Is there a plan to implement the latter feature and can I help? I recall
>> some discussions months ago but no definite plan.

SM> I see 3 behaviors for it:
SM> - Mention at package-installation time that there's no signature to check,
SM>   maybe with a prompt to confirm the user really wants to go ahead.
SM>   This is more or less the route taken by APT, AFAIK (at least, seen
SM>   from the user's point of view).

SM> The first behavior [] should be very easy to implement.

Great, this is an improvement on the current situation and will
encourage package maintainers to sign their packages. But it must be one
prompt per queue, not per package, so it's not too annoying. Also
consider users without GnuPG, what should they see?

SM> - Keep track of which archives have signatures and which don't (e.g. by
SM>   assuming that if `archive-contents' has a sig, then the packages also
SM>   have sigs).  Then somehow display this info in the package list.

I think that's a safe assumption and can be just an extra 1-char column
after the archive name for the package. It's the logical UI companion to
the install-time prompt so the user knows to expect the prompt later.

SM> - Check each and every package to see if it has a sig.  This implies
SM>   a lot more network communication, AFAICT, so I think it's not
SM>   a good idea.

Agreed.  In addition, just because a package has a valid signature when
you list it doesn't mean it will be present or valid when you install it.

Do you have a plan to start signing GNU ELPA packages so this can get
tested in a real network setup?  Just one is enough.  I didn't mean to
hijack this ticket; we can continue the discussion on emacs-devel or
in a new ticket.

Thanks
Ted
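
Added example, not part of the original message and not package.el code: a sketch of the two behaviors discussed above, an archive-level "signed" flag shown as a one-character list column and a single confirmation for the whole install queue. All `demo-` names, the sample archives and queue, and the use of `executable-find` to detect GnuPG are assumptions; what users without GnuPG should see is left open in the thread, and the wording here is only one option.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration.  Every `demo-' name is hypothetical; none of this is
;; package.el API.

(defvar demo-signed-archives '("gnu")
  "Constructed sample: archives whose `archive-contents' came with a sig.")

(defvar demo-queue '(("pkg-a" . "gnu") ("pkg-b" . "other") ("pkg-c" . "other"))
  "Constructed sample install queue of (NAME . ARCHIVE) pairs.")

(defun demo-archive-signed-p (archive)
  "Non-nil if ARCHIVE is assumed to sign its packages.
Archive-level inference: no per-package network check."
  (and (member archive demo-signed-archives) t))

(defun demo-status-column (archive)
  "One-character package-list column: \"s\" for a signed archive, else \"-\"."
  (if (demo-archive-signed-p archive) "s" "-"))

(defun demo-unverifiable (queue have-gpg)
  "Return the names in QUEUE that will be installed without a signature check.
When HAVE-GPG is nil nothing can be verified, so every name is returned."
  (let (names)
    (dolist (entry queue (nreverse names))
      (unless (and have-gpg (demo-archive-signed-p (cdr entry)))
        (push (car entry) names)))))

(defun demo-confirm-queue (queue)
  "Prompt at most once for the whole QUEUE; non-nil means go ahead."
  (let* ((have-gpg (and (executable-find "gpg") t)) ; assumption: gpg on PATH
         (names (demo-unverifiable queue have-gpg)))
    (or (null names)
        (yes-or-no-p
         (format "%s: %s.  Install anyway? "
                 (if have-gpg
                     "No signature to check for"
                   "GnuPG not found, nothing can be verified for")
                 (mapconcat #'identity names ", "))))))

;; Try it interactively: (demo-confirm-queue demo-queue)
```

The list-time column is only a hint derived from the archive; the signature still has to be verified when the package is actually downloaded.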




