bug-gnu-emacs

bug#17625: 24.4.50; All installed packages marked "unsigned", no archive


From: Stefan Monnier
Subject: bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed
Date: Mon, 23 Jun 2014 17:21:48 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)

> Eg if clients automatically (even with prompting) install public keys
> from the package server the first time they connect, then this leaves
> zero protection against a man-in-the-middle attack. I connect to
> something that says it is elpa.gnu.org and install the key it offers.
> I have no way to know if it really is elpa.gnu.org.

SSH does it this way and nobody really complains loudly about it:
basically, you have to trust the initial connection, but not subsequent
ones (since you already have the key at that point).

> (With elpa.gnu.org we should distribute the public key in the Emacs etc/
> directory.)

Yes.


        Stefan
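The two trust models discussed in this message (accepting a key on the first connection, SSH style, versus shipping the key with the client) can be compared side by side in this added example, which is not part of the original email and is not package.el's code. The class name, archive name and key bytes are constructed for illustration, and SHA-256 over the raw key bytes stands in for a real OpenPGP fingerprint.

```python
import hashlib

class KeyMismatch(Exception):
    """The offered key differs from the one already trusted for this archive."""

def fingerprint(public_key: bytes) -> str:
    # Assumption: SHA-256 over raw key bytes stands in for an OpenPGP fingerprint.
    return hashlib.sha256(public_key).hexdigest()

class KeyTrustStore:
    """Hypothetical client-side key store; not package.el's implementation."""

    def __init__(self, bundled=None):
        # Keys shipped with the client (e.g. in etc/): trusted before any connection.
        self.bundled = {a: fingerprint(k) for a, k in (bundled or {}).items()}
        # Keys learned from the network on first contact (SSH known_hosts style).
        self.pinned = {}

    def check(self, archive: str, offered_key: bytes) -> str:
        """Return how the key was trusted, or raise KeyMismatch."""
        fp = fingerprint(offered_key)
        known = self.bundled.get(archive) or self.pinned.get(archive)
        if known is None:
            # First connection, nothing to compare against: the key is accepted
            # unverified. This is the window the quoted concern describes.
            self.pinned[archive] = fp
            return "first-use"
        if fp != known:
            raise KeyMismatch(f"{archive}: offered {fp[:16]}, trusted {known[:16]}")
        return "bundled" if archive in self.bundled else "pinned"

# Constructed sample keys, not real archive keys.
GENUINE = b"constructed-genuine-archive-key"
OTHER = b"constructed-different-key"

def rejects(store: KeyTrustStore, archive: str, key: bytes) -> bool:
    """True if the store refuses the offered key."""
    try:
        store.check(archive, key)
        return False
    except KeyMismatch:
        return True

if __name__ == "__main__":
    tofu = KeyTrustStore()
    print(tofu.check("archive.example", OTHER))         # first-use
    print(rejects(tofu, "archive.example", GENUINE))    # True
    shipped = KeyTrustStore(bundled={"archive.example": GENUINE})
    print(rejects(shipped, "archive.example", OTHER))   # True
```

With first-use trust the store pins whichever key arrives first, so a wrong key seen on the first connection causes the genuine one to be refused afterwards; the bundled key closes that window because a comparison value exists before any connection is made.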




