From: Lizzie Dixon <_@lizzie.io>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: Mark Oteiza <mvoteiza@udel.edu>,
22440@debbugs.gnu.org,
Artur Malabarba <bruce.connor.am@gmail.com>,
Dmitry Gutov <dgutov@yandex.ru>
Subject: bug#22440: 25.1.50; package.el fails to install with package-check-signature t
Date: Wed, 18 May 2016 21:39:05 -0700 [thread overview]
Message-ID: <20160519043905.GA26569@empress> (raw)
In-Reply-To: <5738A8D5.5030206@cs.ucla.edu>
On 05/15, Paul Eggert wrote:
> Dmitry Gutov wrote:
> > On 05/15/2016 10:03 AM, Paul Eggert wrote:
> >
> >> package-check-signature t means check package signatures when installing, and do
> >> not install a package if it is unsigned. Which is what is happening, right?
> >
> > Aren't packages coming from GNU ELPA supposed to all be signed?
>
> Sorry, I don't know. I don't even know how to determine whether that particular
> package is signed.
You can tell because http://elpa.gnu.org/packages/async-1.9.tar.sig exists.
$ curl -O 'http://elpa.gnu.org/packages/async-1.9.tar'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 61440 100 61440 0 0 98420 0 --:--:-- --:--:-- --:--:-- 98304
$ curl -O 'http://elpa.gnu.org/packages/async-1.9.tar.sig'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 96 100 96 0 0 254 0 --:--:-- --:--:-- --:--:-- 253
$ gpg --no-default-keyring --keyring /usr/share/emacs/25.0.93/etc/package-keyring.gpg --verify async-1.9.tar.sig
gpg: assuming signed data in 'async-1.9.tar'
gpg: Signature made Wed 18 May 2016 02:05:02 PM PDT using DSA key ID 7FBDEF9B
gpg: Good signature from "GNU ELPA Signing Agent <elpasign@elpa.gnu.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CA44 2C00 F917 74F1 7F59 D9B0 474F 0583 7FBD EF9B
prev parent reply other threads:[~2016-05-19 4:39 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-23 0:48 bug#22440: 25.1.50; package.el fails to install with package-check-signature t Mark Oteiza
2016-05-15 7:03 ` Paul Eggert
2016-05-15 11:32 ` Dmitry Gutov
2016-05-15 16:50 ` Paul Eggert
2016-05-16 10:59 ` Artur Malabarba
2016-05-18 13:50 ` Artur Malabarba
2016-05-18 16:29 ` Mark Oteiza
2016-05-18 16:36 ` Dmitry Gutov
2016-05-18 16:44 ` Mark Oteiza
2016-05-18 18:10 ` Paul Eggert
2016-05-18 18:23 ` Dmitry Gutov
2016-05-18 19:24 ` Artur Malabarba
2016-05-18 19:33 ` Artur Malabarba
2016-05-19 1:30 ` Daiki Ueno
2016-05-18 19:43 ` Artur Malabarba
2016-05-18 20:43 ` Artur Malabarba
2016-05-18 21:09 ` Artur Malabarba
2016-05-18 22:05 ` Paul Eggert
2016-05-18 23:11 ` Artur Malabarba
2016-05-19 15:15 ` Paul Eggert
2016-05-19 4:39 ` Lizzie Dixon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160519043905.GA26569@empress \
--to=_@lizzie.io \
--cc=22440@debbugs.gnu.org \
--cc=bruce.connor.am@gmail.com \
--cc=dgutov@yandex.ru \
--cc=eggert@cs.ucla.edu \
--cc=mvoteiza@udel.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.