From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: [PATCH] package.el: check tarball signature Date: Sat, 05 Oct 2013 15:37:45 +0300 Message-ID: <83li277v1i.fsf@gnu.org> References: <874n92x9em.fsf@flea.lifelogs.com> <87fvsk9m8b.fsf-ueno@gnu.org> <877gdutp1l.fsf@flea.lifelogs.com> <83pprkc02t.fsf@gnu.org> <87fvsgspq3.fsf@flea.lifelogs.com> <83mwmob3dm.fsf@gnu.org> <8738ogrpqw.fsf@flea.lifelogs.com> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1380976688 6710 80.91.229.3 (5 Oct 2013 12:38:08 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 5 Oct 2013 12:38:08 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Oct 05 14:38:11 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VSR7a-000113-DO for ged-emacs-devel@m.gmane.org; Sat, 05 Oct 2013 14:38:10 +0200 Original-Received: from localhost ([::1]:51771 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VSR7Z-0007bS-V9 for ged-emacs-devel@m.gmane.org; Sat, 05 Oct 2013 08:38:09 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:59762) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VSR7S-0007b9-4s for emacs-devel@gnu.org; Sat, 05 Oct 2013 08:38:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VSR7N-0003w7-0q for emacs-devel@gnu.org; Sat, 05 Oct 2013 08:38:02 -0400 Original-Received: from mtaout22.012.net.il ([80.179.55.172]:65265) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VSR7M-0003w1-Ow for emacs-devel@gnu.org; Sat, 05 Oct 2013 08:37:56 -0400 Original-Received: from conversion-daemon.a-mtaout22.012.net.il by a-mtaout22.012.net.il (HyperSendmail v2007.08) id <0MU7000004BSO600@a-mtaout22.012.net.il> for emacs-devel@gnu.org; Sat, 05 Oct 2013 15:37:55 +0300 (IDT) Original-Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout22.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0MU7000KS4F6DKA0@a-mtaout22.012.net.il> for emacs-devel@gnu.org; Sat, 05 Oct 2013 15:37:55 +0300 (IDT) In-reply-to: <8738ogrpqw.fsf@flea.lifelogs.com> X-012-Sender: halo1@inter.net.il X-detected-operating-system: by eggs.gnu.org: Solaris 10 X-Received-From: 80.179.55.172 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163873 Archived-At: > From: Ted Zlatanov > Date: Sat, 05 Oct 2013 06:11:51 -0400 > > On Sat, 05 Oct 2013 10:09:25 +0300 Eli Zaretskii wrote: > > >> From: Ted Zlatanov > >> Date: Fri, 04 Oct 2013 17:14:44 -0400 > >> > >> >> Actually, let's wait. If all turn out well, most/all ELPA archives will > >> >> start providing signatures in the not too distant future and there'll be > >> >> no need for per-archive settings (and we can change the default to t). > >> > EZ> Are you saying that verification will not need gpg be installed? > >> > >> If my work with libnettle progresses well, I think we'll be able to at > >> least verify GPG signatures without calling out to GnuPG or other tools > >> on all the platforms that have libnettle+libhogweed (any platforms with > >> GnuTLS support AFAIK). > > EZ> And what about users whose Emacs doesn't have GnuTLS? Are we saying > EZ> they will not be able to install packages from ELPA without being > EZ> annoyed by prompts and error messages? > > No one has said that AFAIK. Stefan did, see above. > My suggestion was to give users the choice (per archive) to always, > maybe, or never verify packages. Currently this choice is global in > Daiki Ueno's changes that were committed recently, but it's still a > choice. Daiki's default is not t.