From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Re: expand tls to elpa.gnu.org
Date: Mon, 21 Mar 2011 17:17:20 -0400
Message-ID: <87hbawtbq7.fsf@stupidchicken.com>
References: <87mxkojpk4.fsf@lifelogs.com>
To: Ted Zlatanov
Cc: emacs-devel@gnu.org
In-Reply-To: <87mxkojpk4.fsf@lifelogs.com> (Ted Zlatanov's message of "Mon, 21 Mar 2011 13:28:43 -0500")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Ted Zlatanov writes:

> aj> so far there is no tls/ssl support for elpa.gnu.org . In my opinion
> aj> this is a real problem as there is no way to check the authenticity
> aj> and integrity of downloaded packages. Is it possible to expand the
> aj> certificate of gnu.org to elpa.gnu.org?
> aj> Of course this makes the package-manager not checking integrity -
> aj> but I think anyone interested in doing so can modify it without
> aj> problems.
>
> I can install a certificate but it has to be requested by the domain
> owner so I'm not sure who to bug about it.

Why not simply distribute the certificate file with Emacs?

Also, the Emacs package manager uses the url library for downloading via
http. How well does that library support https? If I give
`url-retrieve-synchronously' a https url, does it currently DTRT?