bug#32544: [ELPA] core packages need generated files
From: Glenn Morris
Subject: bug#32544: [ELPA] core packages need generated files
Date: Mon, 27 Aug 2018 22:13:06 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Stefan Monnier wrote:
> I think the reasons why I'm more worried about elpa.gnu.org than the
> end-user's machines include:
>
> - very little time between the moment we receive the commit-diffs by
> email and the moment the code is run. So even if we notice the
> offending code on the spot, there's not much time to react.
> - elpa.gnu.org is part of infrastructure that Emacs users trust when
> downloading GNU ELPA packages (e.g. it holds the PGP signing key), so
> a breach could affect all GNU ELPA users (especially if not
> noticed).
Sounds very sensible, best of luck! :)