[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installe
From: |
Richard Stallman |
Subject: |
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS |
Date: |
Mon, 10 Oct 2022 18:01:32 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> I think it is very dangerous to suggest there is ANY security here, even
> with GNU ELPA packages.
> - There is no formal security review of packages
> - There is no review before packages are updated. If a repository is
> compromised and that compromise has not been detected, an update can
> still occur and introduced compromised code into GNU ELPA.
I think we had better do something about this.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Stefan Monnier, 2022/10/08
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Tim Cross, 2022/10/08
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS,
Richard Stallman <=
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Philip Kaludercic, 2022/10/15
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/15
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Dr. Arne Babenhauserheide, 2022/10/16
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/16
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, tomas, 2022/10/16
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Eli Zaretskii, 2022/10/16
- Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, tomas, 2022/10/16
Re: feature/package+vc 04c4c578c7 3/4: Allow for packages to be installed directly from VCS, Philip Kaludercic, 2022/10/16