[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cannot download packages from elpa

From: Dmitry Gutov
Subject: Re: cannot download packages from elpa
Date: Thu, 3 Oct 2019 17:19:18 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

On 03.10.2019 4:55, Stefan Monnier wrote:
If you use an older Emacs to fetch the packages you need to first update
the keys or disable signature checking.

I wonder: if we served ELPA over HTTPS only, would the signature checking really add any tangible security benefit?

To continue that train of thought, if the only key we had to worry in that respect is the HTTP certificate, the older releases of Emacs would need no updates over time (aside from changing the repo url to https:// once).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]