[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Alerting users to new releases
From: |
Phillip Lord |
Subject: |
Re: Alerting users to new releases |
Date: |
Thu, 21 Sep 2017 21:05:20 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3.50 (gnu/linux) |
Etienne Prud’homme <address@hidden> writes:
> "Perry E. Metzger" <address@hidden> writes:
>
>> Would it be reasonable if a feature was added to Emacs to alert the
>> user that a newer version of Emacs existed? Or would the potential
>> privacy issues, even if the check could be turned off, exceed the
>> benefit?
>
> I was actually thinking about the same thing!
>
> We could of course allow an opt-in variable that would allow checking
> for any vulnerability in the current GNU Emacs version installed, but
> most people won’t be aware of it or won’t bother using it.
>
> One way to get around it would be to use the ELPA protocol. When
> downloading packages, there could be a file describing current
> vulnerabilities and affected versions. The client will then warn the
> user accordingly and allow displaying a custom message.
There has already been a discussion about a security patches
package. Surely this is the same thing? I mean, you add a "release"
package. New release happens, "release" on ELPA gets updated.
If 26.0 checked for new packages and auto-upgraded "security" and
"release", then we would have everything we need.
Phil