bug#18144: Shouldn't the default package archive use HTTPS?

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#18144: Shouldn't the default package archive use HTTPS?

From:	Glenn Morris
Subject:	bug#18144: Shouldn't the default package archive use HTTPS?
Date:	Tue, 29 Jul 2014 20:03:58 -0400
User-agent:	Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Steven Stewart-Gallus wrote:

> By default (in version 24.3.50.3) the value of package-archives is
> (quote (("gnu" . "http://elpa.gnu.org/packages/";))). Setting it to use
> HTTPS seems to work fine. I think it should be the default.

See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625#51

> Am I missing that Emacs has some other way of authenticating downloads
> and so HTTPS is not needed?

It supposedly supports gpg signing, but it's never been properly tested AFAIK.

I don't think this report adds anything that is not covered in
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17625,
so I will close it. But thanks for the report.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#18144: Shouldn't the default package archive use HTTPS?, Steven Stewart-Gallus, 2014/07/29
- bug#18144: Shouldn't the default package archive use HTTPS?, Glenn Morris <=

Prev by Date: bug#18149: OS X crash when passing '-nw'
Next by Date: bug#18142: Emacs starts slowly in case of wrong hostname (/etc/hosts)
Previous by thread: bug#18144: Shouldn't the default package archive use HTTPS?
Next by thread: bug#18146: 24.3.92; hebrew tutorial says C-c is rebound.
Index(es):
- Date
- Thread