bug#66369: Change package-check-signature default to t

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66369: Change package-check-signature default to t

From:	Stefan Kangas
Subject:	bug#66369: Change package-check-signature default to t
Date:	Fri, 6 Oct 2023 09:32:34 +0000

Severity: wishlist

I propose to change the default of `package-check-signature' to t when
gpg is available.

Previous discussion here:

    https://lists.gnu.org/r/emacs-devel/2023-02/msg00680.html

The current default is `allow-unsigned', which is about as useful for
security purposes as if it was nil.  But if the default is t, users will
be forced to have OpenPGP installed.

In the above discussion, Eli suggested:

> We could also display a warning, once, when we detect that OpenPGP is
> not available and set the value to allow-unsigned.  This way the user
> is alerted to the problem and can take action to fix it.

I'd add that we could also prompt in this situation, perhaps something
along the lines of:

    "No working PGP installation detected; install package(s) without
    verifying signature (unsafe)? (y/n)"

[Prev in Thread]

Current Thread

[Next in Thread]

bug#66369: Change package-check-signature default to t, Stefan Kangas <=

Prev by Date: bug#63285: 30.0.50; CC Mode: K&R argument declaration misdetection after parenthesized type
Next by Date: bug#66332: Xref mode-line
Previous by thread: bug#63265: 28.3; elpa: inspector installation fails without treeviewer
Next by thread: bug#64440: 30.0.50; [PATCH] Highlight on non toolkit menu bar items
Index(es):
- Date
- Thread