|
From: | Glenn Morris |
Subject: | bug#18144: Shouldn't the default package archive use HTTPS? |
Date: | Tue, 29 Jul 2014 20:03:58 -0400 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Steven Stewart-Gallus wrote: > By default (in version 24.3.50.3) the value of package-archives is > (quote (("gnu" . "http://elpa.gnu.org/packages/"))). Setting it to use > HTTPS seems to work fine. I think it should be the default. See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625#51 > Am I missing that Emacs has some other way of authenticating downloads > and so HTTPS is not needed? It supposedly supports gpg signing, but it's never been properly tested AFAIK. I don't think this report adds anything that is not covered in http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625, so I will close it. But thanks for the report.
[Prev in Thread] | Current Thread | [Next in Thread] |