[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released
From: |
Clément Pit-Claudel |
Subject: |
Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released |
Date: |
Wed, 13 Sep 2017 01:45:24 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
On 2017-09-11 22:52, Nicolas Petton wrote:
> This vulnerability was introduced in Emacs 19.29. To work around that
> in Emacs versions before 25.3, append the following to your ~/.emacs
> init file: [...]
Crazy though: why don't we hot-patch existing Emacs installations?
Concretely, that would mean including that fix in a widely used ELPA or MELPA
package. Then users would get the fix upon the next update.
In the long run, we could have an emacs-security-patches package on ELPA that's
installed by default, and we could publish security fixes to that repo.
(We don't currently have this, so we could use another common package instead
for this specific issue)
Wouldn't this make it much easier to fix vulnerabilities, without requiring a
whole-Emacs update?
Clément.
- Re: [ANNOUNCE] Emacs 25.3 released, (continued)
- Re: [ANNOUNCE] Emacs 25.3 released, Phillip Lord, 2017/09/12
- Re: [ANNOUNCE] Emacs 25.3 released, Stefan Monnier, 2017/09/12
- security-patches package (was: [ANNOUNCE] Emacs 25.3 released), Ted Zlatanov, 2017/09/14
- Re: security-patches package, Stefan Monnier, 2017/09/15
- Re: security-patches package, Ted Zlatanov, 2017/09/16
- Re: security-patches package, Phillip Lord, 2017/09/21
- Re: security-patches package, Stefan Monnier, 2017/09/21
- Message not available
- Re: security-patches package, Phillip Lord, 2017/09/25
- Re: security-patches package, Ted Zlatanov, 2017/09/22
- Re: security-patches package, Stephen Leake, 2017/09/23
Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released,
Clément Pit-Claudel <=
Re: [ANNOUNCE] Emacs 25.3 released, Charles A. Roelli, 2017/09/13