From: phillip.lord@russet.org.uk (Phillip Lord)
To: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: emacs-devel@gnu.org
Subject: Re: Urgent matter with GNU ELPA keys
Date: Mon, 11 Feb 2019 22:19:29 +0000 [thread overview]
Message-ID: <877ee6klxq.fsf@russet.org.uk> (raw)
In-Reply-To: <jwv5ztqs99r.fsf-monnier+emacs@gnu.org> (Stefan Monnier's message of "Mon, 11 Feb 2019 09:17:32 -0500")
Stefan Monnier <monnier@iro.umontreal.ca> writes:
> I just saw that the GNU ELPA signing key that we distribute with Emacs
> (stored in etc/package-keyring.gpg) will expire in September.
>
> It's easy to change elpa.gnu.org to sign with a new key, but the hard
> part that we need to take care of ASAP is to figure out how we're going
> to let users of already-distributed Emacsen access GNU ELPA when that
> new key is used.
>
> My GPG-fu is rather weak, so I need help,
Write a package called "package-keys.el" which includes the new
key. Sign it with the existing key distributed with Emacs.
Of course, this will have what you might call a reverse bootstrap
problem -- users will need to install package-keys.el before they key
runs out, but they won't know that they need to do this till the key
runs out. After this, Emacs will refuse to install the package that it
needs to allow the installation. Only solution I can see here would be
to put some code that people can eval in *scratch* that bypasses the key
signing thing.
Long term solution would be an auto-updating and installing version of
package-keys.el and maybe package.el. This would have practical problems
(because ELPA doesn't support multiple versions of packages). I expect
Richard would object also.
Phil
prev parent reply other threads:[~2019-02-11 22:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-11 14:17 Urgent matter with GNU ELPA keys Stefan Monnier
2019-02-11 15:27 ` Andreas Schwab
2019-02-11 15:52 ` Amin Bandali
2019-02-11 22:19 ` Phillip Lord [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877ee6klxq.fsf@russet.org.uk \
--to=phillip.lord@russet.org.uk \
--cc=emacs-devel@gnu.org \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).