Package: emacs24
Version: 24.5+1-1
Severity: normal
Tags: patch
emacs currently uses http://elpa.gnu.org as the default built-in package
repository.
Fortunately, that server already works over HTTPS too, so my patch simply
changes the default config to use an HTTPS URL for this.
I will submit this change upstream too, but it would be great if Debian
users could be protected before emacs25.
Francois
>From 8b194e2ce9850c40f75d8a79aa6fc952971710b7 Mon Sep 17 00:00:00 2001
From: Francois Marier <franc...@debian.org>
Date: Sun, 30 Aug 2015 11:31:21 -0700
Subject: Use HTTPS when talking to elpa.gnu.org
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 7c4f21f..445af4e 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -204,7 +204,7 @@ If VERSION is nil, the package is not loaded (it is \"disabled\")."
:risky t
:version "24.1")
-(defcustom package-archives '(("gnu" . "http://elpa.gnu.org/packages/";))
+(defcustom package-archives '(("gnu" . "https://elpa.gnu.org/packages/";))
"An alist of archives from which to fetch.
The default value points to the GNU Emacs package repository.
--
2.5.1
