GNU bug report logs -
#33825
25.2; Failing to verify signature for ELPA debbugs package
Previous Next
Reported by: clemera <clemens.radermacher <at> posteo.de>
Date: Fri, 21 Dec 2018 16:22:01 UTC
Severity: normal
Tags: patch
Found in version 25.2
Done: Stefan Kangas <stefan <at> marxist.se>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Clemens Radermacher <clemens.radermacher <at> posteo.de> writes:
> On 30.12.18 13:12, Robert Pluim wrote:
>
>> There are 'transparent' proxies which will untar archives and then
>> retar them, resulting in a file that fails signature verification even
>> though the contents are identical. When you then repeat the download,
>> the proxy knows it has previously inspected the file, and thus lets
>> through the original. Using https solves this issue 99% of the time.
>
> That's interesting thanks! For GNU ELPA I use http indeed, because I rely on Emacs
> taking care of the verification. I don't understand why those proxies should
> unpack archives though, is that for filtering purposes?
In enlightened democracies they want to see if there is any malware
hiding inside. In other types of countries they're filtering
'undesirable' content. Identifying which type youʼre living in is
becoming harder every day :-)
Robert
This bug report was last modified 5 years and 243 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.