[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Enforcing TLS for GNU ELPA
From: |
Vasilij Schneidermann |
Subject: |
Enforcing TLS for GNU ELPA |
Date: |
Tue, 20 Oct 2020 00:10:20 +0200 |
Some time ago I've contributed a change to a certain package
repository's webserver setup that responds to http:// requests with a
301 redirect to the https:// version. Should the same be done for GNU
ELPA? Why/why not?
Some data points for the "why not" faction I've discovered after that
change:
- There's still Windows users who do not have an installation with the
gnutls libraries, despite the strong suggestion to download it for the
full experience.
- Emacs versions below 26.1 are affected by a HTTPS proxy bug [1] that
makes life in corporate environments hard.
- The initializer of `package-archives` already generates the
appropriate URL, so this will affect people who have redefined that
variable and break their setup for no reason.
signature.asc
Description: PGP signature
- Enforcing TLS for GNU ELPA,
Vasilij Schneidermann <=