[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#17625: 24.4.50; All installed packages marked "unsigned", no archive
From: |
Stefan Monnier |
Subject: |
bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed |
Date: |
Sun, 22 Jun 2014 08:30:09 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) |
>> I suggest creating a test package on elpa.gnu.org that is signed to see
>> how it works.
> Is anyone interested in doing this?
> This feature seems like it might be almost there, so IMO it would seem
> like a shame to release 24.4 without ever testing this in the wild.
I could try if someone tells me what I need to do.
>> If package-check-signature has its default value, `allow-unsigned', you
>> can happily install a package with no signature, but trying to install
>> one that _is_ signed, but for which you don't have the public key, fails
>> with "Failed to verify signature".
> I think that is a potential show-stopper.
The "failed to verify" should distinguish the "we don't have the key"
case from the "signature is invalid" case, indeed.
> Perhaps archives could also provide keys for download in a standard location.
> The first time you connect to a given archive, Emacs could offer to
> download and import the key (with a suitable warning). Or is this crazy?
No, it sounds reasonable. We'll also need support for updating the key,
at some point.
Stefan
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/05
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/21
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed,
Stefan Monnier <=
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/23
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/23
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/06/23
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/24
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/06/25
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/25
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/06/25
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/06/25
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Glenn Morris, 2014/06/25
- bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed, Stefan Monnier, 2014/06/25