Enforcing TLS for GNU ELPA

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Enforcing TLS for GNU ELPA

From:	Vasilij Schneidermann
Subject:	Enforcing TLS for GNU ELPA
Date:	Tue, 20 Oct 2020 00:10:20 +0200

Some time ago I've contributed a change to a certain package
repository's webserver setup that responds to http:// requests with a
301 redirect to the https:// version.  Should the same be done for GNU
ELPA?  Why/why not?

Some data points for the "why not" faction I've discovered after that
change:

- There's still Windows users who do not have an installation with the
  gnutls libraries, despite the strong suggestion to download it for the
  full experience.
- Emacs versions below 26.1 are affected by a HTTPS proxy bug [1] that
  makes life in corporate environments hard.
- The initializer of `package-archives` already generates the
  appropriate URL, so this will affect people who have redefined that
  variable and break their setup for no reason.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Enforcing TLS for GNU ELPA, Vasilij Schneidermann <=
- Re: Enforcing TLS for GNU ELPA, Vasilij Schneidermann, 2020/10/19
- Re: Enforcing TLS for GNU ELPA, Stefan Monnier, 2020/10/19
  - Re: Enforcing TLS for GNU ELPA, tomas, 2020/10/20
- Re: Enforcing TLS for GNU ELPA, Jean Louis, 2020/10/20
  - Re: Enforcing TLS for GNU ELPA, Vasilij Schneidermann, 2020/10/20
    - Re: Enforcing TLS for GNU ELPA, Jean Louis, 2020/10/26

Prev by Date: Re: Proposal to include obligatory PGP verification of packages from any repository
Next by Date: Re: Enforcing TLS for GNU ELPA
Previous by thread: Best way to sync package versions between Emacs and GNU ELPA?
Next by thread: Re: Enforcing TLS for GNU ELPA
Index(es):
- Date
- Thread