GNU bug report logs - #51038
27.2; ELPA certificate not trusted on Windows

Previous Next

Full log

View this message in rfc822 format

From: Ioannis Kappas <ioannis.kappas <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: john <at> rootabega.net, 51038 <at> debbugs.gnu.org, Lars Ingebrigtsen <larsi <at> gnus.org>, emacs-hoffman <at> snkmail.com
Subject: bug#51038: 27.2; ELPA certificate not trusted on Windows
Date: Thu, 28 Oct 2021 20:34:05 +0100

On Mon, Oct 25, 2021 at 6:18 PM Ioannis Kappas <ioannis.kappas <at> gmail.com> wrote:
>
> On Mon, Oct 25, 2021 at 12:48 PM Eli Zaretskii <eliz <at> gnu.org> wrote:
> >
> > > From: Ioannis Kappas <ioannis.kappas <at> gmail.com>
> > > Date: Sun, 24 Oct 2021 21:30:09 +0100
> > > Cc: john <at> rootabega.net, 51038 <at> debbugs.gnu.org, emacs-hoffman <at> snkmail.com,
> > >       Lars Ingebrigtsen <larsi <at> gnus.org>
> > >
>
> > > If this is the official position, IMHO it should be clearly stated
> > > somewhere obvious (unless I missed it). Otherwise people old or new to
> > > emacs think these precompiled binaries are officially supported by the
> > > project maintainers and should work out of the box.
> >
> > You are reading too much into that text.  It doesn't say anywhere that
> > these binaries are "official', nor even that they are endorsed or
> > blessed by the project.  I don't think it's reasonable to expect us to
> > have a disclaimer near any binary distribution of Emacs saying it
> > isn't "official".  There are more sites out there which distribute
> > precompiled binaries of Emacs.
>
> I believe the perception for the majority of users new or old to Emacs
> is that these are the official binaries. As of a random example, the
> Emacs Wiki @ https://www.emacswiki.org/emacs/MsWindowsInstallation
> reads (the *** are mine):
>
> """ Guidelines for installing Emacs on MS Windows
>
> To install the ***official*** stable binaries:

Hi again, here is some more evidence that these prebuild binaries are
widely considered to be official GNU packages. They are picked up by
the two major MS-Windows package managers I am aware of, and thus
almost everyone is affected when something goes wrong:

Chocolatey: https://community.chocolatey.org/packages/Emacs

Scoop: https://github.com/ScoopInstaller/Extras/blob/master/bucket/emacs.json

(and what Eldev used as an installer in the GitHub action:
https://github.com/purcell/setup-emacs)

I would like to stress again that IMO it should be made clear
somewhere prominent that these precompiled binaries published on the
GNU ftp site are unofficial, unmaintained,  unsupported binary
packages (as I believe is Eli's position) and people or processes
should not rely  on them, but rather build their own packages from
source (which is a non-trivial task for many people and requires
access to MSYS2). I don't believe the package managers are wrong here
for picking up the binaries from the official GNU site. It is the
inherited belief that these are official supported binaries that is
the issue IMHO.

Sorry for bringing this up again, but I do believe this is a major
issue which requires addressing affecting many people and processes
out there.

Thanks

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.