[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released

From: Clément Pit-Claudel
Subject: Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released
Date: Wed, 13 Sep 2017 01:45:24 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

On 2017-09-11 22:52, Nicolas Petton wrote:
> This vulnerability was introduced in Emacs 19.29.  To work around that
> in Emacs versions before 25.3, append the following to your ~/.emacs
> init file: [...]

Crazy though: why don't we hot-patch existing Emacs installations?
Concretely, that would mean including that fix in a widely used ELPA or MELPA 
package. Then users would get the fix upon the next update.

In the long run, we could have an emacs-security-patches package on ELPA that's 
installed by default, and we could publish security fixes to that repo.
(We don't currently have this, so we could use another common package instead 
for this specific issue)

Wouldn't this make it much easier to fix vulnerabilities, without requiring a 
whole-Emacs update?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]