From: Stefan Monnier <monnier@iro.umontreal.ca>
To: Glenn Morris <rgm@gnu.org>
Cc: Eric Abrahamsen <eric@ericabrahamsen.net>, 17625@debbugs.gnu.org
Subject: bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed
Date: Sat, 31 May 2014 20:58:13 -0400 [thread overview]
Message-ID: <jwv8uphlawz.fsf-monnier+emacsbugs@gnu.org> (raw)
In-Reply-To: <wxbnud63kf.fsf@fencepost.gnu.org> (Glenn Morris's message of "Sat, 31 May 2014 17:28:16 -0400")
>> AFAIK we currently use http://elpa.gnu.org/packages/, so no SSL
>> involved.
> Right. Will it Just Work to change that to https?
That would make libgnutls indispensable, and would also require us
getting the cert-verification working correctly.
Nothing significantly more troublesome than requiring users to have GPG
installed and have the ELPA key in the keyring.
And of course we'd need to make sure the "fallback to no checking"
works when gnutls/gpg is not available.
>> I don't enough about SSL certs to be sure whether it would provide
>> comparable guarantees to signed packages.
> I think SSL would verify that you are talking to the server that you
> thought you were talking too,
Right.
> and that no-one had injected anything in between you and it.
Presumably, yes.
> Which is all that gpg-signed packages would do, if the machine that
> hosts the packages also does the signing (AFAICS).
Of course, there are also hypothetical situations, such as someone
setting up a mirror.
Stefan
next prev parent reply other threads:[~2014-06-01 0:58 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-29 3:13 bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed Eric Abrahamsen
2014-05-30 5:14 ` Glenn Morris
2014-05-30 16:28 ` Stefan Monnier
2014-05-31 17:42 ` Glenn Morris
2014-05-31 19:22 ` Glenn Morris
2014-05-31 20:19 ` Stefan Monnier
2014-05-31 21:28 ` Glenn Morris
2014-06-01 0:58 ` Stefan Monnier [this message]
2014-06-05 14:24 ` Ted Zlatanov
2014-06-05 6:19 ` Glenn Morris
2014-06-21 23:50 ` Glenn Morris
2014-06-22 12:30 ` Stefan Monnier
2014-06-23 16:01 ` Glenn Morris
2014-06-23 18:12 ` Glenn Morris
2014-06-23 21:21 ` Stefan Monnier
2014-06-24 5:56 ` Glenn Morris
2014-06-25 15:39 ` Stefan Monnier
2014-06-25 15:47 ` Glenn Morris
2014-06-25 16:47 ` Stefan Monnier
2014-06-25 17:21 ` Stefan Monnier
2014-06-25 21:02 ` Glenn Morris
2014-06-25 22:00 ` Stefan Monnier
2014-06-26 7:28 ` Daiki Ueno
2014-06-26 13:35 ` Stefan Monnier
2014-06-26 14:29 ` Ted Zlatanov
2014-06-26 16:50 ` Stefan Monnier
2014-06-26 18:59 ` Ted Zlatanov
2014-06-26 19:51 ` Stefan Monnier
2014-06-27 0:47 ` Daiki Ueno
2014-06-27 0:52 ` Ted Zlatanov
2014-09-24 15:05 ` Stefan Monnier
2014-09-30 0:33 ` Ted Zlatanov
2014-09-30 1:28 ` Daiki Ueno
2014-09-30 11:06 ` Ted Zlatanov
2014-09-30 3:55 ` Stefan Monnier
2014-09-30 11:02 ` Ted Zlatanov
2014-09-30 14:24 ` Eli Zaretskii
2014-09-30 18:19 ` Ted Zlatanov
2014-10-01 23:13 ` Ted Zlatanov
2014-09-30 15:46 ` Stefan Monnier
2014-06-26 13:53 ` Ted Zlatanov
2014-06-23 19:53 ` Glenn Morris
2014-05-30 7:26 ` Glenn Morris
2014-05-30 16:23 ` Stefan Monnier
2014-05-30 16:48 ` Glenn Morris
2014-05-30 17:38 ` Achim Gratz
2014-05-30 18:39 ` Stefan Monnier
2014-05-30 18:58 ` Achim Gratz
2014-05-30 19:56 ` Stefan Monnier
2017-02-17 20:46 ` bug#17645: Close Eric Abrahamsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jwv8uphlawz.fsf-monnier+emacsbugs@gnu.org \
--to=monnier@iro.umontreal.ca \
--cc=17625@debbugs.gnu.org \
--cc=eric@ericabrahamsen.net \
--cc=rgm@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.