GNU bug report logs - #21382
[PATCH] Use HTTPS for package repo URLs

Previous Next

Package: emacs;

Reported by: Francois Marier <francois <at> fmarier.org>

Date: Mon, 31 Aug 2015 00:22:01 UTC

Severity: wishlist

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 21382 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Francois Marier <francois <at> fmarier.org>
Cc: 21382 <at> debbugs.gnu.org
Subject: Re: bug#21382: [PATCH] Use HTTPS for package repo URLs
Date: Mon, 31 Aug 2015 12:02:09 -0400

Hi,

Francois Marier wrote:

> In order to avoid having users pull emacs packages over HTTP (where they can
> be intercepted and modified by network attackers),

elpa.gnu.org packages are gpg signed, which should prevent such modification.

> I have changed the default URLs for the package repositories to use HTTPS.

Thanks for the patch, but more is needed than just unconditionally
changing http to https. See discussion in

http://lists.gnu.org/archive/html/emacs-devel/2015-05/msg00110.html

This bug report was last modified 6 years and 19 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #21382 [PATCH] Use HTTPS for package repo URLs

GNU bug report logs - #21382
[PATCH] Use HTTPS for package repo URLs