[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Release-critical bugs

From: Stefan Monnier
Subject: Re: Release-critical bugs
Date: Wed, 24 Sep 2014 11:04:25 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)

>   http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625 [i|*| ] [emacs] details
> of package signing mechanism 
>   Reported by: Eric Abrahamsen <eric <at> ericabrahamsen.net>; Date: Thu, 29
> May 2014 03:12:01 UTC; Severity: important; Tags: security; Found in version
> 24.4.50; Filed 118 days
>   ago; Modified 89 days ago; 

> Daiki Ueno made some fixes. Stefan got the detailed steps for generating
> a package signature and we need at least one package plus the
> archive-contents signed by the maintainer in the GNU ELPA to test the
> client behavior. This seems OK to me as far as the code.

> Stefan suggested some behavior changes that we can implement and test
> easily, but are not IMO critical for the release.

The GNU ELPA archive is now signed and the emacs-24 branch comes with
the corresponding public public key.  In my tests, this works OK, but
please try to install packages from GNU ELPA with and without GPG
installed, and try it also with package-check-signature set to t.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]