emacs-devel

Re: security of the emacs package system, elpa, melpa and marmalade


From: Matthias Dahl
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Mon, 30 Sep 2013 17:31:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0

Hello Stefan...

> [...]
> So such a sandboxing would mostly work as a "sanity check" which can
> catch coding errors/oversights rather than malicious code.

After the whole discussion, I agree that a sandbox would not be the
holy grail to this problem, unfortunately. I still think it would be one
measure that should be complemented with others and work in concert with
those to be more effective as a whole.

> Another way to look at the problem is to perform code review.

Which would be very nice to have in general, naturally.

> So you could argue that the problem is not ELPA in general but
> "unsupervised" archives such as MELPA.

Excuse my straightforwardness but this feels like pushing responsibility
away to someone else. Neither ELPA nor MELPA nor Marmalade provides a
sufficient reviewing process to be considered effective, imho. So all of
those are more or less in the same boat. Naturally, some of the
solutions that would work for ELPA could potentially be hard to do with
MELPA... but that is a different story.

I think a general solution that would benefit all would be absolutely
desirable.

So long,
Matthias

-- 
Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu
 services: custom software [desktop, mobile, web], server administration


