GNU bug report logs - #21238
ELPA not available over TLS

Previous Next

Package: emacs;

Reported by: Glyph <glyph <at> twistedmatrix.com>

Date: Tue, 11 Aug 2015 23:40:03 UTC

Severity: wishlist

Tags: notabug

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #11 received at 21238 <at> debbugs.gnu.org (full text, mbox):

From: Glyph <glyph <at> twistedmatrix.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 21238 <at> debbugs.gnu.org
Subject: Re: bug#21238: ELPA not available over TLS
Date: Wed, 12 Aug 2015 10:22:58 -0700

[Message part 1 (text/plain, inline)]
> On Aug 11, 2015, at 7:25 PM, Stefan Monnier <monnier <at> iro.umontreal.ca> wrote:
> 
>> Even if packages were signed and I could verify all of them, I still don't
>> think it's the NSA's business which packages I've requested from ELPA.
>> It would be nice if ELPA were available over TLS to provide both an
>> additional level of security,
> 
> AFAIK you can already use "https://..." addresses.  This should work for
> the GNU ELPA server, at least.

Okay, I was sure I'd hit https://elpa.gnu.org and it was a connection error before I posted this bug.  I just did again and it worked, so... I must have been in error.

>> and to provide an interim solution while we are waiting for
>> package signing.
> 
> All GNU ELPA packages are signed and Emacs-24.5 does check them if you
> have GPG installed.

Thanks also for this bit of information.  It should probably require that GPG be installed if package.el is to be used then, but that is a separate issue.

Sorry for the bogus report!
[Message part 2 (text/html, inline)]
This bug report was last modified 9 years and 290 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.