[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
chad |
|
Subject: |
Re: ELPA security |
|
Date: |
Sun, 6 Jan 2013 23:18:45 -0800 |
On 06 Jan 2013, at 22:09, Jambunathan K <address@hidden> wrote:
> The main problem is not that of security per se. The main problem is
> reliability. The packages will break, the author wouldn't care about
> responding to questions or fixing things, the functionality itself could
> be broken in unknown ways etc.
I don't know what you consider the `main' problem, but right now
there are kits out on the web that could pretty easily be adapted
to transparently compromise anyone who ever uses any package
from any package.el repository. As I understand it, that's the first
line of concern that's sparked the conversation.
I'm not a security expert, but I used to work with several. It's almost
always easier and better to add (basic) security to a system as soon
as you can; the resistance to change and effort builds up very fast.
It might already be too late for the first version of ELPA.
Hope that helps,
~Chad
- Re: ELPA security, Achim Gratz, 2013/01/05
- Re: ELPA security, Ted Zlatanov, 2013/01/06
- Re: ELPA security, Paul Nathan, 2013/01/07
- Re: ELPA security, Jambunathan K, 2013/01/07
- Re: ELPA security, Paul Nathan, 2013/01/07
- Re: ELPA security, Jambunathan K, 2013/01/07
- Re: ELPA security, Paul Nathan, 2013/01/07
- Re: ELPA security, Stephen J. Turnbull, 2013/01/07
- Re: ELPA security,
chad <=
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stephen J. Turnbull, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/07
- Re: ELPA security, Stefan Monnier, 2013/01/07
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08
- Re: ELPA security, Stefan Monnier, 2013/01/08
- Re: ELPA security, Ted Zlatanov, 2013/01/08