Re: security-patches package

From: Ted Zlatanov
Subject: Re: security-patches package
Date: Sat, 16 Sep 2017 11:50:02 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

On Fri, 15 Sep 2017 08:32:16 -0400 Stefan Monnier <address@hidden> wrote:

SM> having a "security-patches" package might make sense.
>> I would love to see that as well, especially if it was well tested in a
>> CI system against various versions of Emacs.
>> What needs to happen so the experience is seamless?

SM> Step one is to create this package in elpa.git, putting the fix for the
SM> enriched.el bug.

A package is pretty easy but I have a few questions before putting that

* how do we prevent accidental or malicious commits to this package?
  Could it maybe live in a special "GNU ELPA security updates" archive
  separate from elpa.git?

* should it be signed+released in a special way? How do we test it?

* what version of Emacs will begin to check for this package?

* Can we do push notifications somehow or are we limited to polling?

* should there be a special mailing list for internal discussions?

* how do we make the experience seamless (on startup, during a
  long-running session, unattended, for a whole site)?

In a related vein, I mentioned a while ago that it would be really nice
to see the changes (from what's installed) to all the code in a package
before upgrading it. I think for security updates that would be
especially useful.


