[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA policy

From: Alex Schröder
Subject: Re: ELPA policy
Date: Thu, 12 Nov 2015 18:29:30 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (darwin)

Drew Adams <address@hidden> writes:

> Again: "I post my code to Emacs Wiki (to locked pages)."
> But of course that doesn't mean it is uncrackable.

Given that Emacs Wiki currently does not use HTTPS, we should consider
Emacs Wiki insecure. Even then, the admin passwords are shared and there
are no other efforts made to identify editors once they present the
admin password. The current setup only protects against the simplest of
threat models, e.g. spammers, vandals, well-meaning contributors that
want to edit wiki pages instead of informing maintainers, and so on. I
think that's the threat model wiki pages need to defend against, but I
suspect that's not good enough for an inclusion into Emacs Core.

Public Key Fingerprint = DF94 46EB 7B78 4638 7CCC  018B C78C A29B ACEC FEAE

reply via email to

[Prev in Thread] Current Thread [Next in Thread]