bug#35414: 26.2; ELPA packages signed with second, unknown key
From: Stefan Kangas
Subject: bug#35414: 26.2; ELPA packages signed with second, unknown key
Date: Tue, 1 Oct 2019 00:02:49 +0200

Stefan Monnier <monnier@IRO.UMontreal.CA> writes:
>> No, the bug is that the signature verification should not signal an
>> error before September 2019 even if you don't have the new key.
>>
>> Could you remove the gnu-elpa-keyring-update package, and the 2019
>> key from your keyring and try and help us figure out why you get
>> those errors and I don't?
>
> Oh, wait, I see it now: I had set package-check-signature incorrectly.
> So, I can reproduce the problem now with
>
> (setq package-check-signature t)
>
> It works correctly if you've set it to the default `allow-unsigned`.
>
> I think it's a mistake: `allow-unsigned` should mean to allow installing
> packages when they don't have a signature at all, and `t` should mean
> to allow installing if at least one of the sigs is verified rather than
> only if all the sigs are verified.
>
> But that ship has sailed, so I'm going to have to rethink the transition
> to the new key. Damn!

What's the status on this? Anything else that needs doing before 27.1?

Best regards,
Stefan Kangas
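
The two readings of `package-check-signature` discussed in the quoted message, as a small model added here for illustration; it is not code from package.el or from anyone in the thread. The policy names and the `sigpolicy-demo-` functions are hypothetical, and the treatment of `allow-unsigned` when signatures are present is an assumption of the model.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: a model of the rules discussed in the thread, not package.el code.
(require 'cl-lib)

(defun sigpolicy-demo-decide (policy statuses)
  "Return `install' or `reject' for a package under POLICY.
STATUSES holds one symbol per signature in the .sig file:
`good', `no-pubkey' (signing key not in the keyring) or `bad'.
POLICY is one of (hypothetical names, for this model only):
  `all-verified'   every signature must verify (behaviour reported for t)
  `any-verified'   one verified signature is enough (meaning proposed for t)
  `allow-unsigned' like `any-verified', and a package with no signature
                   at all is also installable (assumption of this model)."
  (let ((any-good (memq 'good statuses))
        (all-good (and statuses
                       (cl-every (lambda (s) (eq s 'good)) statuses))))
    (if (pcase policy
          ('all-verified all-good)
          ('any-verified any-good)
          ('allow-unsigned (or (null statuses) any-good))
          (_ (error "Unknown policy: %S" policy)))
        'install
      'reject)))

;; Constructed cases for the key transition described in the thread.
(defconst sigpolicy-demo-cases
  '(("old+new key, both in keyring"  . (good good))
    ("old+new key, new key missing"  . (good no-pubkey))
    ("only new key, new key missing" . (no-pubkey))
    ("no signature file"             . ())))

(defun sigpolicy-demo-table ()
  "Return one (LABEL ALL ANY ALLOW-UNSIGNED) row per constructed case."
  (mapcar (lambda (case)
            (cons (car case)
                  (mapcar (lambda (policy)
                            (sigpolicy-demo-decide policy (cdr case)))
                          '(all-verified any-verified allow-unsigned))))
          sigpolicy-demo-cases))

;; Print the decision table to *Messages* (or stderr under `emacs --batch').
(dolist (row (sigpolicy-demo-table))
  (message "%-32s all=%-7s any=%-7s allow-unsigned=%s"
           (nth 0 row) (nth 1 row) (nth 2 row) (nth 3 row)))
```

The second constructed case is the one from the bug report: a package carrying both signatures is rejected under the all-must-verify rule as soon as the keyring lacks the new key, while the at-least-one rule still installs it on the strength of the old key.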