GNU bug report logs - #35739
[w32] Bad signature from GNU ELPA for archive-contents

Previous Next

Full log

Message #55 received at 35739 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: rcopley <at> gmail.com, 35739 <at> debbugs.gnu.org, npostavs <at> gmail.com
Subject: Re: bug#35739: Bad signature from GNU ELPA
Date: Wed, 22 May 2019 20:09:41 +0300

> From: Stefan Monnier <monnier <at> iro.umontreal.ca>
> Cc: rcopley <at> gmail.com,  35739 <at> debbugs.gnu.org,  npostavs <at> gmail.com
> Date: Wed, 22 May 2019 12:20:01 -0400
> 
> It solves the problem by refraining from decoding until we know
> positively that it needs to happen.

You refrain from decoding what?  E.g., Lisp files must be in UTF-8,
right?  And what about the descriptions we show in lisp-packages?

Or maybe I don't really understand why we need to decode _anything_,
since we just download a .tar archive, right?

> > I'm also mildly worried about the incompatible change in url-insert,
> > which is a general-purpose function not limited to package.el and its
> > signature verification.
> 
> Yes, this part should definitely not be in emacs-26.

I'm actually asking why it should be on master.

> the change in url-insert only affects the case where the HTTP
> headers returned by the server specify a particular "charset", which
> is not the case when downloading .tar and .el files from
> elpa.gnu.org AFAICT

Why not? isn't that dangerous?

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.