From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 06 05:33:10 2023 Received: (at submit) by debbugs.gnu.org; 6 Oct 2023 09:33:10 +0000 Received: from localhost ([127.0.0.1]:49128 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qohCn-0000NM-Qd for submit@debbugs.gnu.org; Fri, 06 Oct 2023 05:33:10 -0400 Received: from lists.gnu.org ([2001:470:142::17]:58590) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qohCk-0000Mj-41 for submit@debbugs.gnu.org; Fri, 06 Oct 2023 05:33:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qohCK-00063M-V3 for bug-gnu-emacs@gnu.org; Fri, 06 Oct 2023 05:32:40 -0400 Received: from mail-lf1-x12e.google.com ([2a00:1450:4864:20::12e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qohCH-0007Ar-9i for bug-gnu-emacs@gnu.org; Fri, 06 Oct 2023 05:32:40 -0400 Received: by mail-lf1-x12e.google.com with SMTP id 2adb3069b0e04-50585357903so2531514e87.2 for ; Fri, 06 Oct 2023 02:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696584755; x=1697189555; darn=gnu.org; h=to:subject:message-id:date:mime-version:references:from:from:to:cc :subject:date:message-id:reply-to; bh=bFfIIg2xxxeRHUaOjzQZVzewNxsyE26D1OkCfSgQ1do=; b=NYaGLVpYH5QF5IsqJyGdTq32WXdjoox6VQPc9PktJCoKpD9E009JSurkQm1adc1WHW Sgyixu5x4OTyUp18YKJBHOfzKAulLPU1UXHOSploa7b1/4zUJ+etv6mhwWiI9vflTBrb GjVOlXsSyZqeQZVR0fZjFKjaaCXhUKjCP7axhcKe8GKs6C7E5DV0Ke0Frgzk3uclTLCa 2fL/GngFYhKdCmomoaA7qIMID7vbWPw//PUF9nu3eQvz8vSuQ/qkpKqX+bbyeyWxvlUP G3t2RYcCjr3bbNnwQ567+Lo9YuBHNhR8z37VgoLNzhl8sc28Quwf313gg4ROsTk+Q+2y hBMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696584755; x=1697189555; h=to:subject:message-id:date:mime-version:references:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bFfIIg2xxxeRHUaOjzQZVzewNxsyE26D1OkCfSgQ1do=; b=cqFIVT8evWGTSn5cO5OTaHavErDsdWkA5BXbqMJ+LCDZQ18HUjCRD5uCokRkq8i3K3 +yRQHIe7clJeV6mLfKrXDel9puNks2rALxGT28xojWcvosSvo9+YTWcYSLB4fbWD9Fdb 5KCL3ees+6KmhVnTFFL7TcShSvv9XoU9U7rIiNujUwgsCZLcJFlFKq5SupHYbSCdFhWh ROC7+fdtYHSE1qAAlwwegdOg8lRGJYOVABItgwzZB7S556b0yx09xmnFmow5+6++ICRn 2GG3V5jI57kAe4+UCHxoBMdHCuGSOXEGvruOXnNX6d6py3FxkbjuHzJGVq2dyr5K2NvN 6jPQ== X-Gm-Message-State: AOJu0YwLZ6yDErmEODIC4tRpZ58N+edbO1eP5MdYHslu4TfdVsNeem9z nHi4aQ0bmMhcElxO2//62g2Kve0v5vYbCBlnfsKQueyT X-Google-Smtp-Source: AGHT+IGDUAat3drCfU+ze5fzJzQn5hWiu9UEZ5cQVVGLHk3PD5tbtibCKrLxI6U0Tq00oZAxzTEAh+y02Rtm1EbERkA= X-Received: by 2002:a05:6512:318a:b0:503:1bb0:a658 with SMTP id i10-20020a056512318a00b005031bb0a658mr7443951lfe.32.1696584754538; Fri, 06 Oct 2023 02:32:34 -0700 (PDT) Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Fri, 6 Oct 2023 09:32:34 +0000 From: Stefan Kangas References: <83edqnyz00.fsf@gnu.org> MIME-Version: 1.0 Date: Fri, 6 Oct 2023 09:32:34 +0000 Message-ID: Subject: Change package-check-signature default to t To: bug-gnu-emacs@gnu.org Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2a00:1450:4864:20::12e; envelope-from=stefankangas@gmail.com; helo=mail-lf1-x12e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Severity: wishlist I propose to change the default of `package-check-signature' to t when gpg is available. Previous discussion here: https://lists.gnu.org/r/emacs-devel/2023-02/msg00680.html The current default is `allow-unsigned', which is about as useful for security purposes as if it was nil. But if the default is t, users will be forced to have OpenPGP installed. In the above discussion, Eli suggested: > We could also display a warning, once, when we detect that OpenPGP is > not available and set the value to allow-unsigned. This way the user > is alerted to the problem and can take action to fix it. I'd add that we could also prompt in this situation, perhaps something along the lines of: "No working PGP installation detected; install package(s) without verifying signature (unsafe)? (y/n)"