Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installe

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installe

From:	Richard Stallman
Subject:	Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS
Date:	Mon, 10 Oct 2022 18:01:32 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I think it is very dangerous to suggest there is ANY security here, even
  > with GNU ELPA packages.

  > - There is no formal security review of packages
  > - There is no review before packages are updated. If a repository is
  >   compromised and that compromise has not been detected, an update can
  >   still occur and introduced compromised code into GNU ELPA. 

I think we had better do something about this.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Fetching or installing package dev source from VCS: manual style, (continued)
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Philip Kaludercic, 2022/10/15
  - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/15
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Sean Whitton, 2022/10/15
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Stefan Monnier, 2022/10/17
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Dr. Arne Babenhauserheide, 2022/10/16
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/16
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, tomas, 2022/10/16
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/16
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, tomas, 2022/10/16
    - Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Philip Kaludercic, 2022/10/16

Prev by Date: Re: Buliding with tree-sitter (Was: Turing on tree-sitter)
Next by Date: Re: Renaming eglot -- or at least add an alias?
Previous by thread: Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS
Next by thread: Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS
Index(es):
- Date
- Thread