GNU bug report logs - #17625
details of package signing mechanism

Previous Next

Package: emacs;

Reported by: Eric Abrahamsen <eric <at> ericabrahamsen.net>

Date: Thu, 29 May 2014 03:12:01 UTC

Severity: important

Tags: security

Found in version 24.4.50

Done: Stefan Monnier <monnier <at> iro.umontreal.ca>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 17625 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Eric Abrahamsen <eric <at> ericabrahamsen.net>, 17625 <at> debbugs.gnu.org
Subject: Re: bug#17625: 24.4.50;
 All installed packages marked "unsigned", no archive listed
Date: Fri, 30 May 2014 12:48:56 -0400

clone 17625 -1
retitle -1 record metadata when installing packages
severity -1 normal
stop

Stefan Monnier wrote:

> That's by design: we shouldn't care where it came from.

I think installing a package should record information such as: which
archive it was installed from, and the install date. This is how eg
rpm/yum behaves.

(This is a totally separate issue from the signing of packages, so I
have (hopefully) cloned a new bug for it. Let's try and send further
correspondence about this aspect to whatever the new bug number ends up
to be...)

This bug report was last modified 10 years and 236 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #17625 details of package signing mechanism

GNU bug report logs - #17625
details of package signing mechanism