[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ubuntu 16.04 server --- Contacting host: elpa.gnu.org:80 when packag
|
From: |
Robert Pluim |
|
Subject: |
Re: Ubuntu 16.04 server --- Contacting host: elpa.gnu.org:80 when package-refresh-contents |
|
Date: |
Wed, 17 Jan 2018 15:41:16 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.91 (gnu/linux) |
Dan Čermák <dan.cermak@cgc-instruments.com> writes:
> The tile sounds a little click-baity, but it is actually a good tutorial
> how to secure the connection to (m)elpa.
>
> Afaik there has been no malware on melpa, but if you download your
> packages via http, someone could in theory tamper with your connection
> and inject malicious code.
>
> So, don't panic & use https ;-)
The upcoming Emacs 26 should be much better in this regards, as it
uses https by default for elpa downloads. Some of the advice in that
blog entry is still useful though.
Robert
Message not available