From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail 
From: Ben Sturmfels
Newsgroups: gmane.emacs.devel
Subject: Default package-archives to HTTPS
Date: Mon, 07 Sep 2015 14:43:05 +1000
Message-ID: <87twr696w6.fsf@sturm.com.au>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature"
To: emacs-devel@gnu.org
List-Id: "Emacs development discussions."
Xref: news.gmane.org gmane.emacs.devel:189663

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Folks,

I've attached a small patch to switch the `package-archives' default, http://elpa.gnu.org/packages/, to HTTPS. This helps to avoid surveillance or tampering with downloaded packages.

Thanks to François Marier for the suggestion: https://identi.ca/fmarier/note/XBKVu8OLT9KiUmqIj-a4Rg

This is my first patch to Emacs, so let me know if it needs any changes.

Regards,
Ben

-- 
Ben Sturmfels Sturm www.sturm.com.au (03) 9024 2467

--=-=-=
Content-Type: text/x-diff
Content-Disposition: attachment; filename=package-archive-default-https.patch
Content-Transfer-Encoding: quoted-printable

From=2046ee3020703c951eeb975ff95fad3b1689c20b49 Mon Sep 17 00:00:00 2001 From: Ben Sturmfels Date: Mon, 7 Sep 2015 14:27:35 +1000 Subject: [PATCH] Switch default package archive to HTTPS * lisp/emacs-lisp/package.el (package-archives): Use HTTPS to access the default archive, elpa.gnu.org/packages/. Copyright-paperwork-exempt: yes =2D-- lisp/emacs-lisp/package.el | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 4d3678a..5579db6 100644 =2D-- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el 
@@ -204,14 +204,14 @@ If VERSION is nil, the package is not loaded (it is \= "disabled\")." :risky t :version "24.1") =20 =2D(defcustom package-archives '(("gnu" . "http://elpa.gnu.org/packages/")) +(defcustom package-archives '(("gnu" . "https://elpa.gnu.org/packages/")) "An alist of archives from which to fetch. The default value points to the GNU Emacs package repository. =20 Each element has the form (ID . LOCATION). ID is an archive name, as a string. LOCATION specifies the base location for the archive. =2D If it starts with \"http:\", it is treated as a HTTP URL; + If it starts with \"http:\" or \"https:\", it is treated as a URL; otherwise it should be an absolute directory name. (Other types of URL are currently not supported.) =20 =2D-=20 1.9.1 --=-=-=-- --==-=-=--
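
Review bot: The new default on the `+(defcustom package-archives ...` line hard-codes `https://elpa.gnu.org/packages/`, so an Emacs built without TLS support would no longer be able to reach the default archive at all; consider choosing the scheme at load time (for example by testing `gnutls-available-p`) or stating the TLS requirement in the docstring. If a fallback to `http:` is kept, it should be visible to the user rather than silent, since it gives up the tampering protection the patch is after. The diffstat shows only package.el changed, so a user-visible default change like this also wants an etc/NEWS entry.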