Re: security of the emacs package system, elpa, melpa and marmalade

[Ted Zlatanov]

On Mon, 30 Sep 2013 17:10:43 +0200 Matthias Dahl <address@hidden> wrote: 

MD> Hello...
>> I would propose using the signature files above to provide that wall,
>> so auto-signing should not be done.  Instead a maintainer team should
>> review changes that need to go up on the GNU ELPA.

MD> Ted, that would be really nice to have but as it was brought up earlier
MD> in this thread, this is not gonna happen. And I can honestly understand
MD> why it can't happen. The amount of manpower required to really do this
MD> properly, is not something that could be easily shouldered by a team of
MD> trusted volunteers in a timely manner.

A much more complex version of this process works for Debian.  I think
the amount of changes is not bad for a daily review, especially if we
move to a branch+pull request+merge model for the GNU ELPA.  Github's
infrastructure and UI for this is quite good.  Oh, and of course the
same branch+pull request+merge model could apply to the Emacs core as
well; that IMO would be really nice.

I think it's much less likely that Emacs will be rewritten to provide a
sandbox for packages, and a community review process is more valuable in
the long term in any case.

Ted