|
From: | Glenn Morris |
Subject: | bug#17625: 24.4.50; All installed packages marked "unsigned", no archive listed |
Date: | Sat, 31 May 2014 15:22:40 -0400 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Glenn Morris wrote: > So all signing does AFAICS is protect against a man-in-the-middle > attack where someone impersonates elpa.gnu.org. Which the use of ssl > certs should already protect against? Although I see that package-archives uses http://elpa.gnu.org rather than https. :(
[Prev in Thread] | Current Thread | [Next in Thread] |