GNU bug report logs - #18144
Shouldn't the default package archive use HTTPS?

Previous Next

Package: emacs;

Reported by: Steven Stewart-Gallus <sstewartgallus00 <at> mylangara.bc.ca>

Date: Tue, 29 Jul 2014 11:09:02 UTC

Severity: normal

Tags: wontfix

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 18144 in the body.
You can then email your comments to 18144 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#18144; Package emacs. (Tue, 29 Jul 2014 11:09:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Steven Stewart-Gallus <sstewartgallus00 <at> mylangara.bc.ca>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Tue, 29 Jul 2014 11:09:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Steven Stewart-Gallus <sstewartgallus00 <at> mylangara.bc.ca>
To: bug-gnu-emacs <at> gnu.org
Subject: Shouldn't the default package archive use HTTPS?
Date: Tue, 29 Jul 2014 04:10:44 +0000 (GMT)

Hello,

By default (in version 24.3.50.3) the value of package-archives is (quote
(("gnu" . "http://elpa.gnu.org/packages/"))). Setting it to use HTTPS seems to
work fine. I think it should be the default. Am I missing that Emacs has some
other way of authenticating downloads and so HTTPS is not needed?

Thank you,
Steven Stewart-Gallus
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#18144; Package emacs. (Wed, 30 Jul 2014 00:05:02 GMT) Full text and rfc822 format available.

Message #8 received at 18144 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Steven Stewart-Gallus <sstewartgallus00 <at> mylangara.bc.ca>
Cc: 18144 <at> debbugs.gnu.org
Subject: Re: bug#18144: Shouldn't the default package archive use HTTPS?
Date: Tue, 29 Jul 2014 20:03:58 -0400

Steven Stewart-Gallus wrote:

> By default (in version 24.3.50.3) the value of package-archives is
> (quote (("gnu" . "http://elpa.gnu.org/packages/"))). Setting it to use
> HTTPS seems to work fine. I think it should be the default.

See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625#51

> Am I missing that Emacs has some other way of authenticating downloads
> and so HTTPS is not needed?

It supposedly supports gpg signing, but it's never been properly tested AFAIK.


I don't think this report adds anything that is not covered in
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625,
so I will close it. But thanks for the report.
Added tag(s) wontfix. Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Wed, 30 Jul 2014 00:05:03 GMT) Full text and rfc822 format available.
bug closed, send any further explanations to 18144 <at> debbugs.gnu.org and Steven Stewart-Gallus <sstewartgallus00 <at> mylangara.bc.ca> Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Wed, 30 Jul 2014 00:05:03 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 27 Aug 2014 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 10 years and 356 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.