From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Daniel Mendler via "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#74604: 30.0.92;
 FR: M-x package-upgrade - offer an option to show a diff on upgrade
Date: Mon, 02 Dec 2024 13:25:22 +0100
Message-ID: <87iks2gtl9.fsf@daniel-mendler.de>
References: <87h67quk0g.fsf@daniel-mendler.de> <87zflfqct7.fsf@posteo.net>
 <CAN+1HbpS0hwy4Kw=4P_3nLZvBohhjW+eUpqq7JgAa559kZuL_Q@mail.gmail.com>
 <87r06qqx3z.fsf@posteo.net>
 <CAN+1HbqOavhsd3xtN4XN6LyPyW5k=fvP0TE0pNGG9viW289hJQ@mail.gmail.com>
Reply-To: Daniel Mendler <mail@daniel-mendler.de>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="24709"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: Philip Kaludercic <philipk@posteo.net>, 74604@debbugs.gnu.org
To: Ship Mints <shipmints@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Dec 02 13:28:46 2024
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1tI5Xh-0006Ft-2U
	for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 02 Dec 2024 13:28:45 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1tI5XH-000774-Q1; Mon, 02 Dec 2024 07:28:20 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tI5X1-0006pJ-BD
 for bug-gnu-emacs@gnu.org; Mon, 02 Dec 2024 07:28:03 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tI5X0-0004lF-L8
 for bug-gnu-emacs@gnu.org; Mon, 02 Dec 2024 07:28:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=Enf8E+/k7HdKczuLo5z09Feo27w8h9Ke6hXSpOpKX0g=; 
 b=fCnuEe/wEoDSxZyNzXDzo+3CXdngKjvj6BCbsemZzgvGowBTbGMbnszFwtMR+nnFMvMynQM3Ky+IbNa+etI1KMkvd5FQk2OJPkbck0CjRl/69QkdqOyvahIJNhZS2do5Ya5n8Thx3t5aLpIzDE1U6WcyRNLBhY0d9fXAafhCL2Ee6TfNZNISr2SVX4agKvpLlmfKHcebJ8Pm2Cnb3UxyAReIZEizNshMKfAVyjEdYznztH/2c6HBSIQERN/aWlBL0L740C1GyCoTRq5XzKPgVAIKypmbpVptUKrsV61PHP9AG9vq1hmro0JxXdeV1bZ77nlIaFIm/lilRm9W89/wBw==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tI5X0-0005Az-46
 for bug-gnu-emacs@gnu.org; Mon, 02 Dec 2024 07:28:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Daniel Mendler <mail@daniel-mendler.de>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 02 Dec 2024 12:28:02 +0000
Resent-Message-ID: <handler.74604.B74604.173314246219859@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 74604
X-GNU-PR-Package: emacs
Original-Received: via spool by 74604-submit@debbugs.gnu.org id=B74604.173314246219859
 (code B ref 74604); Mon, 02 Dec 2024 12:28:02 +0000
Original-Received: (at 74604) by debbugs.gnu.org; 2 Dec 2024 12:27:42 +0000
Original-Received: from localhost ([127.0.0.1]:54570 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tI5Wg-0005AF-AD
 for submit@debbugs.gnu.org; Mon, 02 Dec 2024 07:27:42 -0500
Original-Received: from server.qxqx.de ([49.12.34.165]:35211 helo=mail.qxqx.de)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@daniel-mendler.de>) id 1tI5Wd-00059q-WE
 for 74604@debbugs.gnu.org; Mon, 02 Dec 2024 07:27:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=daniel-mendler.de; s=key; h=Content-Type:MIME-Version:Message-ID:Date:
 References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Enf8E+/k7HdKczuLo5z09Feo27w8h9Ke6hXSpOpKX0g=; b=USbUzYVo9qYEB+nPNKaly1TSPL
 2UCaZEyW1hofEFtn3lb1BarCXRUlqCGg6sWP+UjhK7+RI3wCRuFCTXm5yhYXAJujeZF7iZuabnNUa
 EGrsvnkvSCukfysS1BeyvpVhUET7CaFtHdZ60Z150f2YKbVAP8PllHdsr7a1wyogm+p0=;
In-Reply-To: <CAN+1HbqOavhsd3xtN4XN6LyPyW5k=fvP0TE0pNGG9viW289hJQ@mail.gmail.com>
 (Ship Mints's message of "Mon, 2 Dec 2024 07:04:24 -0500")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:296314
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/296314>

Ship Mints <shipmints@gmail.com> writes:

> To help determine the value/risk of a
> package install or update, I'd think it better to show this in advance.
> Daniel's diff suggestion is similar but more technical.

I think your idea of adding an option to show the change log is good. It
would be nice to have a `package-upgrade-review' option which could be
set to `nil', `news' or to `diff'.

But I want to emphasize that your suggestion misses the security aspect.
Security is the main reason why I made the proposal. The goal is to make
it easier and more convenient for users (yes, users who are "technical"
and familiar with Elisp) to assess the safety of package upgrades and
possibly report any irregularities to the package archive maintainers.
While packages are commonly reviewed at the time of their inclusion in
package archives, this is often not the case later on.

My proposal does not address or affect the first time installation of a
package. At this time it doesn't make sense to show a "diff" and the
user must first check the package closely anyway.

Daniel