Package: emacs25
Version: 25.1+1-3+b1
Severity: normal

I'm getting this when running emacs -q after adding the
Marmalade repo (https://marmalade-repo.org/packages/):

https://paste.anarc.at/snaps/snap-2017.04.24-12.53.11.png

This is after running package-list-packages with the Marmalade repo
configured, running under emacs -q. Hitting "always" in that dialog
creates the following file in .emacs.d/network-security.data:

(
 (:id "sha1:85457c729378cc93c732b6a3941c8e4f9c2e60f3" :fingerprint 
"sha1:ab:a6:d7:6a:b3:d3:63:fa:19:0d:65:41:60:23:6e:ef:d3:2a:46:dc" :host 
"marmalade-repo.org:443" :conditions (:unknown-ca :invalid))
)

There are two distinct problems here:

 1. the marmalade-repo.org should be trusted. It works in Firefox and
    Chromium - this is probably out of scope here and has been
    reported in:

    https://github.com/nicferrier/elmarmalade/issues/144

 2. the exception shouldn't use a SHA-1 exception, which is now well
    known to be weak

Of course, Marmalade now seems like it's dead and we should move on,
but this may happen on other repositories and it seems like a bad idea
to store exceptions in SHA-1.

Thanks,

A.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages emacs25 depends on:
ii  emacs25-bin-common     25.1+1-3+b1
ii  gconf-service          3.2.6-4+b1
ii  libacl1                2.2.52-3+b1
ii  libasound2             1.1.3-5
ii  libatk1.0-0            2.22.0-1
ii  libc6                  2.24-9
ii  libcairo-gobject2      1.14.8-1
ii  libcairo2              1.14.8-1
ii  libdbus-1-3            1.10.18-1
ii  libfontconfig1         2.11.0-6.7+b1
ii  libfreetype6           2.6.3-3.1
ii  libgconf-2-4           3.2.6-4+b1
ii  libgdk-pixbuf2.0-0     2.36.5-2
ii  libgif7                5.1.4-0.4
ii  libglib2.0-0           2.50.3-2
ii  libgnutls30            3.5.8-5
ii  libgomp1               6.3.0-14
ii  libgpm2                1.20.4-6.2+b1
ii  libgtk-3-0             3.22.11-1
ii  libice6                2:1.0.9-2
ii  libjpeg62-turbo        1:1.5.1-2
ii  libm17n-0              1.7.0-3+b1
ii  libmagickcore-6.q16-3  8:6.9.7.4+dfsg-6
ii  libmagickwand-6.q16-3  8:6.9.7.4+dfsg-6
ii  libotf0                0.9.13-3+b1
ii  libpango-1.0-0         1.40.4-1
ii  libpangocairo-1.0-0    1.40.4-1
ii  libpng16-16            1.6.28-1
ii  librsvg2-2             2.40.16-1+b1
ii  libselinux1            2.6-3+b1
ii  libsm6                 2:1.2.2-1+b3
ii  libtiff5               4.0.7-6
ii  libtinfo5              6.0+20161126-1
ii  libx11-6               2:1.6.4-3
ii  libx11-xcb1            2:1.6.4-3
ii  libxcb1                1.12-1
ii  libxfixes3             1:5.0.3-1
ii  libxft2                2.3.2-1+b2
ii  libxinerama1           2:1.1.3-1+b3
ii  libxml2                2.9.4+dfsg1-2.2
ii  libxpm4                1:3.5.12-1
ii  libxrandr2             2:1.5.1-1
ii  libxrender1            1:0.9.10-1
ii  zlib1g                 1:1.2.8.dfsg-5

emacs25 recommends no packages.

Versions of packages emacs25 suggests:
ii  emacs25-common-non-dfsg  25.1+1-1

-- no debconf information
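
Added example (not part of the original report, and not Emacs code): a Python sketch that reads a network-security.data file in the form quoted above and flags stored exceptions whose fingerprint uses SHA-1 or MD5. It assumes only the fields shown in the report (:fingerprint, :host, :conditions); the names read_sexp and audit are made up for this example.

```python
import re

# Constructed sample: the entry quoted in the report, joined onto one line.
SAMPLE = '''(
 (:id "sha1:85457c729378cc93c732b6a3941c8e4f9c2e60f3" :fingerprint "sha1:ab:a6:d7:6a:b3:d3:63:fa:19:0d:65:41:60:23:6e:ef:d3:2a:46:dc" :host "marmalade-repo.org:443" :conditions (:unknown-ca :invalid))
)'''

# Tokens: parentheses, double-quoted strings, or bare symbols/keywords.
TOKEN = re.compile(r'\(|\)|"(?:[^"\\]|\\.)*"|[^\s()"]+')
WEAK = {"md5", "sha1"}  # hash algorithms treated as weak for pinning


def read_sexp(tokens, pos=0):
    """Parse one s-expression from tokens; return (value, next_pos)."""
    if pos >= len(tokens):
        raise ValueError("unbalanced or truncated s-expression")
    tok = tokens[pos]
    if tok == "(":
        items, pos = [], pos + 1
        while pos < len(tokens) and tokens[pos] != ")":
            item, pos = read_sexp(tokens, pos)
            items.append(item)
        if pos >= len(tokens):
            raise ValueError("missing closing parenthesis")
        return items, pos + 1
    if tok.startswith('"'):
        return tok[1:-1], pos + 1  # string literal, quotes stripped
    return tok, pos + 1  # keyword or symbol, kept as text


def audit(text):
    """Return one finding per stored exception in the file contents."""
    tokens = TOKEN.findall(text)
    if not tokens:
        return []
    entries, _ = read_sexp(tokens)
    findings = []
    for entry in entries if isinstance(entries, list) else []:
        plist = dict(zip(entry[0::2], entry[1::2]))  # (:key value ...) pairs
        algo = plist.get(":fingerprint", "").split(":", 1)[0].lower()
        findings.append({"host": plist.get(":host"), "algorithm": algo,
                         "weak_hash": algo in WEAK,
                         "conditions": plist.get(":conditions", [])})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```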
