bug#19479: Package manager vulnerable

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19479: Package manager vulnerable

From:	Richard Stallman
Subject:	bug#19479: Package manager vulnerable
Date:	Tue, 06 Jan 2015 23:27:03 -0500

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > If you expect him to know the latest version number of a package
  > (without relying on the gnu.org webserver to find out, in case
  > it's compromised),

It is normal for users to find the latest version based on gnu.org.
So we don't expect that.

   > and you expect him to manually verify that his download is the
   > latest version (in addition to verifying the signature, of
   > course),

The file name has the version in it.

So it seems we have a problem to fix.  Would you like to help
us fix it?

-- 
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#19479: Copyright issue, (continued)
- bug#19479: (on-topic) Re: bug#19479: Package manager vulnerable, Kelly Dean, 2015/01/10
- bug#19479: Disclaimer is now on file at FSF, Kelly Dean, 2015/01/20
- bug#19479: Package manager vulnerable, Kelly Dean, 2015/01/06
  - bug#19479: Package manager vulnerable, Richard Stallman <=

Prev by Date: bug#19514: 25.0.50; byte-compile-file too tight-lipped
Next by Date: bug#19363: Acknowledgement (24.4.1; Notifications can make ERC unusable)
Previous by thread: bug#19479: Package manager vulnerable
Next by thread: bug#19480: (no subject)
Index(es):
- Date
- Thread