[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security of the emacs package system, elpa, melpa and marmalade
|
From: |
Richard Stallman |
|
Subject: |
Re: security of the emacs package system, elpa, melpa and marmalade |
|
Date: |
Mon, 30 Sep 2013 17:11:24 -0400 |
[ To any NSA and FBI agents reading my email: please consider
[ whether defending the US Constitution against all enemies,
[ foreign or domestic, requires you to follow Snowden's example.
> I think that we should warn users that it is risky to use packages
> from archives that don't supervise the code that gets put in them, or
> that don't use signing.
+1
But imho, this would also include ELPA because there is not really a
control process in place. A mail gets sent that some person from the
community needs to thoroughly read/check. There is no guarantee that
someone will actually do this.
I think we should maintain ELPA with the same level of care that we
apply to code in Emacs, and sign the downloads the same way GNU
packages are signed. Then we can tell people that they shouldn't
hesitate to download packages from ELPA.
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call.
- Re: security of the emacs package system, elpa, melpa and marmalade, (continued)
- Re: security of the emacs package system, elpa, melpa and marmalade, Stefan Monnier, 2013/09/25
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/26
- Re: security of the emacs package system, elpa, melpa and marmalade, Óscar Fuentes, 2013/09/26
- Re: security of the emacs package system, elpa, melpa and marmalade, Stefan Monnier, 2013/09/26
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Stefan Monnier, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Richard Stallman, 2013/09/28
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/30
- Re: security of the emacs package system, elpa, melpa and marmalade,
Richard Stallman <=
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/30
- Re: security of the emacs package system, elpa, melpa and marmalade, Stephen J. Turnbull, 2013/09/25
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/26
- Re: security of the emacs package system, elpa, melpa and marmalade, Stephen J. Turnbull, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Stephen J. Turnbull, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Matthias Dahl, 2013/09/30
- Re: security of the emacs package system, elpa, melpa and marmalade, Stephen J. Turnbull, 2013/09/30
- Re: security of the emacs package system, elpa, melpa and marmalade, chad, 2013/09/27
- Re: security of the emacs package system, elpa, melpa and marmalade, Andreas Röhler, 2013/09/26