From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philip Kaludercic Newsgroups: gmane.emacs.bugs Subject: bug#74604: 30.0.92; FR: M-x package-upgrade - offer an option to show a diff on upgrade Date: Sun, 01 Dec 2024 22:05:24 +0000 Message-ID: <87zflfqct7.fsf@posteo.net> References: <87h67quk0g.fsf@daniel-mendler.de> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="6463"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 74604@debbugs.gnu.org To: Daniel Mendler Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 01 23:06:25 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tHs5A-0001Wv-UE for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 01 Dec 2024 23:06:25 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tHs4r-0007id-Ef; Sun, 01 Dec 2024 17:06:05 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tHs4p-0007iQ-L4 for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 17:06:03 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tHs4o-0007LB-UG for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 17:06:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=B7yBTTDxWzuI4GoyTaiIgKdhBNr7/gFoeVAMo15dvoQ=; b=XC5/jgFqSLfosFSaRC5nlmiv1CbBGbbOpbW8LR7xLkgVUZVy0DQxlAv+syOA806rlyjenjo0p1XyKp7NMTvLRndqtITC9vu9mrlU92mzKJW7711RodPtmRgPHQwwM2p1iPgLzEGag22ZEDNf4ncNZJyfHLIps47QpEuhNnNjwdb8VmvD+kugcWJo+tE8VmTGsEhC6/JAikINeGfaFNu9PBJiEXLdsupUz7OrMXmtiAtip1QkloXlTvqfcH+O4vY6b60mgwOofvR/VEkVoDHxxW3Ks98YIAyQdlGgph1vencA+lKjIZ7UOlBVoCjmYnDzqhdOF9BmhOYVaarJyRY7Kg==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tHs4o-0003GH-9z for bug-gnu-emacs@gnu.org; Sun, 01 Dec 2024 17:06:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Philip Kaludercic Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 01 Dec 2024 22:06:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74604 X-GNU-PR-Package: emacs Original-Received: via spool by 74604-submit@debbugs.gnu.org id=B74604.173309073712497 (code B ref 74604); Sun, 01 Dec 2024 22:06:02 +0000 Original-Received: (at 74604) by debbugs.gnu.org; 1 Dec 2024 22:05:37 +0000 Original-Received: from localhost ([127.0.0.1]:53358 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tHs4P-0003FU-5n for submit@debbugs.gnu.org; Sun, 01 Dec 2024 17:05:37 -0500 Original-Received: from mout01.posteo.de ([185.67.36.65]:35883) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tHs4M-0003FD-NV for 74604@debbugs.gnu.org; Sun, 01 Dec 2024 17:05:36 -0500 Original-Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 8C85B240028 for <74604@debbugs.gnu.org>; Sun, 1 Dec 2024 23:05:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1733090727; bh=poT7kDM1hC/XRg6guZLizsL6/i3nGej561Cs95g293k=; h=From:To:Cc:Subject:Autocrypt:OpenPGP:Date:Message-ID:MIME-Version: Content-Type:From; b=A0pf3rSW0mCmVLIIgxgG2XS4CM6wDFObvjTQqvKc4znPx+pXyT2iNiEcrepLmKHqo lCCy3m8zIZskOoxi2dLCfDvZjGvxcgyaOErAItzzwx0qLS7GLjE+n4JtxK9y9H+tAX e6jt588yKqQ1Knd6MMFATnhLQcxKuLvyz2mLC9UeXccqFqiHHfT7Jmy5gtjlydKZHV I2m3OqDctHAsDi05HOfrqO6HBTPUK+QbOeyvPmNV6wUaRH925eA3dHzf3ZzCHJ6gQQ VPGyUsW0FnU/M3dTo/+LECTemTMerkczc87qMEwZI5u5++YzCmrneygRFUJka93o2t MpD28P0+1QbAw== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4Y1gvn6tNlz9rxN; Sun, 1 Dec 2024 23:05:25 +0100 (CET) In-Reply-To: <87h67quk0g.fsf@daniel-mendler.de> (Daniel Mendler's message of "Fri, 29 Nov 2024 16:39:27 +0100") Autocrypt: addr=philipk@posteo.net; keydata= mDMEZBBQQhYJKwYBBAHaRw8BAQdAHJuofBrfqFh12uQu0Yi7mrl525F28eTmwUDflFNmdui0QlBo aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0 ZW8ubmV0PoiWBBMWCAA+FiEEDg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwMFCQHhM4AFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8xYDWXahwulikAEA77hloUiSrXgFkUVJhlKBpLCHUjA0 mWZ9j9w5d08+jVwBAK6c4iGP7j+/PhbkxaEKa4V3MzIl7zJkcNNjHCXmvFcEuDgEZBBQQhIKKwYB BAGXVQEFAQEHQI5NLiLRjZy3OfSt1dhCmFyn+fN/QKELUYQetiaoe+MMAwEIB4h+BBgWCAAmFiEE Dg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwwFCQHhM4AACgkQ8xYDWXahwukm+wEA8cml4JpK NeAu65rg+auKrPOP6TP/4YWRCTIvuYDm0joBALw98AMz7/qMHvSCeU/hw9PL6u6R2EScxtpKnWof z4oM OpenPGP: id=philipk@posteo.net; url="https://keys.openpgp.org/vks/v1/by-email/philipk@posteo.net"; preference=signencrypt X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:296283 Archived-At: Daniel Mendler writes: > This is a feature request for the security wishlist. When upgrading > package it would be good to show a diff between the new and old package > files. Such an option could help performing review casually as part of > the upgrade process and may improve the security of the package > archives. More eyes would look at new package versions. This would make > it harder to inject malicious code either via the source repository or > via attacks on the package archives. That sounds like a good option to have! I'll look into adding something like this via a user option that adjusts how to confirm a package upgrade. Note that package-vc has something similar with the `package-vc-log-incoming' command.