[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii
|
From: |
Clément Pit-Claudel |
|
Subject: |
Re: [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii |
|
Date: |
Sun, 29 Aug 2021 19:38:54 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 |
On 8/29/21 6:52 PM, Adam Porter wrote:
> Hi Stefan, et al,
>
> Having added taxy.el to ELPA, I noticed that its README.org file isn't
> very readable on the ELPA site, because it's rendered as a raw file,
> including long lines that extend beyond the edge of the HTML PRE block,
> raw Org-syntax, etc.
>
> Thankfully, Org has an ASCII/UTF-8 export backend that cleanly renders
> Org to plain text. It only took a few lines of to make use of it.
> Please see the attached patches. (While I was at it, I took the liberty
> of adding a couple of docstrings and renaming a few variables to help me
> understand the code.)
How much does security matter in this case? AFAIR exporting an Org file can
run arbitrary code; would this patch allow a package in ELPA to subvert the
build process of another package?
And if so, is that a problem, or is there sufficient scrutiny of the inputs to
ELPA? IIRC any package author can push to ELPA and updates will propagate
immediately, so the worry would be that in the time between the introduction of
a worm and its detection a large number of end users might install bad code.
Clément.