[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Enforcing TLS for GNU ELPA
From: |
Stefan Monnier |
Subject: |
Re: Enforcing TLS for GNU ELPA |
Date: |
Mon, 19 Oct 2020 18:30:17 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
> Some time ago I've contributed a change to a certain package
> repository's webserver setup that responds to http:// requests with a
> 301 redirect to the https:// version. Should the same be done for GNU
> ELPA? Why/why not?
I'd vote for no: I'm happy to encourage the use of `https` but that
would prevent access over `http` which doesn't seem like
a friendly choice.
I'm not sure what would be the benefits (and for whom).
> - There's still Windows users who do not have an installation with the
> gnutls libraries, despite the strong suggestion to download it for the
> full experience.
We could emit a disapproving message from package.el when gnutls is
unavailable (same thing for PGP, incidentally).
Stefan