Re: Why are so many great packages not trying to get included in GNU Ema

From: Andrea Corallo
Subject: Re: Why are so many great packages not trying to get included in GNU Emacs?
Date: Fri, 24 Apr 2020 08:56:20 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Tim Cross <address@hidden> writes:

> I don't think it is quite that simple.
> You're not just trusting that person will do the right thing. You are
> also trusting that they also have good operational security. It is
> precisely this sort of trust model which resulted in a number of
> GNU/Linux distributions being compromised in the past.

IMO the comparison does not stand.  We are not talking about a big
volume of binaries hard to verify that are continuously pushed by
developers.  With the current volume of commits we have on ELPA the eyes
of other developers on elpa-diffs are sufficient.

I believe giving a little more responsibility to developers is also a
fundamental stimulus to involve them more.

This need for security is most likely not beneficial and BTW I'm
not sure it is backed up by specific examples from the past that happened in the ELPA repo.

Lastly, I wanted to mention that yeah... as a last resort 'git revert'
exists :)



