[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#35414: 26.2; ELPA packages signed with second, unknown key
From: |
Brandon Invergo |
Subject: |
bug#35414: 26.2; ELPA packages signed with second, unknown key |
Date: |
Thu, 25 Apr 2019 09:36:45 +0100 |
User-agent: |
mu4e 1.2.0; emacs 26.2 |
Stefan Monnier writes:
> But that ship has sailed, so I'm going to have to rethink the transition
> to the new key. Damn!
At this point, it might just suffice to spread the word far and wide
that people using ELPA package verification need to 1) disable
verification, 2) install the transition package, and then 3) re-enable
verification. A few well-placed announcements should directly reach a
substantial portion of ELPA users, while also potentially getting the
info indexed in search engines for more people to find when they get
affected.
All that said, I'm not an expert but an alternative strategy for the
future might be to extend the life of the original key (gpg --edit-key),
send it to a keyserver (gpg --send-keys), and then write an
"package-update-keyring" procedure that pulls updated public keys from
the keyserver (equivalent to gpg --recv-keys). Of course, that doesn't
help the people who are not running the latest release that features the
update procedure, so a transitional package on ELPA that provides it
would still be necessary.
--
-brandon
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Brandon Invergo, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Glenn Morris, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Brandon Invergo, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Stefan Monnier, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Glenn Morris, 2019/04/24
- bug#35414: 26.2; ELPA packages signed with second, unknown key, Eli Zaretskii, 2019/04/25
- bug#35414: 26.2; ELPA packages signed with second, unknown key,
Brandon Invergo <=