GNU bug report logs - #33825
25.2; Failing to verify signature for ELPA debbugs package

Previous Next

Package: emacs;

Reported by: clemera <clemens.radermacher <at> posteo.de>

Date: Fri, 21 Dec 2018 16:22:01 UTC

Severity: normal

Tags: patch

Found in version 25.2

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #26 received at 33825 <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Stefan Kangas <stefan <at> marxist.se>
Cc: 33825 <at> debbugs.gnu.org, clemera <clemens.radermacher <at> posteo.de>
Subject: Re: bug#33825: 25.2; , Failing to verify signature for ELPA debbugs
 package
Date: Mon, 16 Sep 2019 11:07:32 +0200

>>>>> On Fri, 13 Sep 2019 21:50:27 +0200, Stefan Kangas <stefan <at> marxist.se> said:

    Stefan> Robert Pluim <rpluim <at> gmail.com> writes:
    >> clemera <clemens.radermacher <at> posteo.de> writes:
    >> 
    >>>> FWIW, it verifies fine here with Emacs 25.2
    >>> 
    >>> I tried it again and now it works for me, too. Strange..., what could
    >>> have caused that it failed before?
    >> 
    >> There are 'transparent' proxies which will untar archives and then
    >> retar them, resulting in a file that fails signature verification even
    >> though the contents are identical. When you then repeat the download,
    >> the proxy knows it has previously inspected the file, and thus lets
    >> through the original. Using https solves this issue 99% of the time.
    >> 
    >> If youʼre using https already, then Iʼm out of ideas :-)

    Stefan> The reporter verified he was indeed using http.  Is there anything
    Stefan> that can or should be done here, or is this to be closed as notabug?

I think this is notabug. We can always reopen it if needed.

Robert
This bug report was last modified 5 years and 243 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.