[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package
From: |
Robert Pluim |
Subject: |
bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package |
Date: |
Tue, 17 Sep 2019 15:34:04 +0200 |
>>>>> On Mon, 16 Sep 2019 21:13:13 +0200, Stefan Kangas <stefan@marxist.se>
>>>>> said:
Stefan> Eli Zaretskii <eliz@gnu.org> writes:
>> > How about also adding a recommendation to use https, as far as
>> > possible, for package archives? I guess that could be added to both
>> > the doc string of package-archives and possibly also the manual. That
>> > would help security and avoid issues such as these.
>>
>> I'd leave this out of the manual. Doc string should be enough.
Stefan> Thanks. How about the attached patch?
Nits below
Stefan> Best regards,
Stefan> Stefan Kangas
Stefan> From afc49ccd4e3e593f1f2dfffbdd6e457132efa9cd Mon Sep 17 00:00:00
2001
Stefan> From: Stefan Kangas <stefankangas@gmail.com>
Stefan> Date: Mon, 16 Sep 2019 21:09:32 +0200
Stefan> Subject: [PATCH] Recommend https for package-archives
Stefan> * lisp/emacs-lisp/package.el (package-archives): Doc fix to
recommend
Stefan> using https sources instead of http where possible.
Stefan> (Bug#33825)
"Recommend using https..." is shorter and more direct.
Stefan> ---
Stefan> lisp/emacs-lisp/package.el | 5 ++++-
Stefan> 1 file changed, 4 insertions(+), 1 deletion(-)
Stefan> diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
Stefan> index ef0c5171de..69c4427e0a 100644
Stefan> --- a/lisp/emacs-lisp/package.el
Stefan> +++ b/lisp/emacs-lisp/package.el
Stefan> @@ -214,7 +214,10 @@ package-archives
Stefan> (Other types of URL are currently not supported.)
Stefan> Only add locations that you trust, since fetching and installing
Stefan> -a package can run arbitrary code."
Stefan> +a package can run arbitrary code.
Stefan> +
Stefan> +It is advisable to prefer HTTPS URLs over HTTP URLs where
Stefan> +possible, for improved security and stability."
Similarly: "HTTPS URLs should be used where possible, as they offer
superior security."
"stability" is not really something you can define, so probably better
not to mention it..
Robert
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Stefan Kangas, 2019/09/13
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Robert Pluim, 2019/09/16
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Stefan Kangas, 2019/09/16
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Robert Pluim, 2019/09/16
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Eli Zaretskii, 2019/09/16
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Stefan Kangas, 2019/09/16
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package,
Robert Pluim <=
- bug#33825: 25.2; , Failing to verify signature for ELPA debbugs package, Stefan Kangas, 2019/09/20