From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: =?UTF-8?Q?Cl=c3=a9ment_Pit-Claudel?= Newsgroups: gmane.emacs.devel Subject: Re: [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii Date: Sun, 29 Aug 2021 19:38:54 -0400 Message-ID: <0d8b81d8-e923-dc17-e815-3b1082a20a12@gmail.com> References: <87h7f7zww5.fsf@alphapapa.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="40190"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Aug 30 01:41:02 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mKUQA-000ADk-Ae for ged-emacs-devel@m.gmane-mx.org; Mon, 30 Aug 2021 01:41:02 +0200 Original-Received: from localhost ([::1]:41228 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mKUQ8-0006ua-MV for ged-emacs-devel@m.gmane-mx.org; Sun, 29 Aug 2021 19:41:00 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:56566) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mKUOB-0005wb-Ls for emacs-devel@gnu.org; Sun, 29 Aug 2021 19:39:02 -0400 Original-Received: from mail-qv1-xf2e.google.com ([2607:f8b0:4864:20::f2e]:41876) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mKUO8-00074N-Gx for emacs-devel@gnu.org; Sun, 29 Aug 2021 19:38:59 -0400 Original-Received: by mail-qv1-xf2e.google.com with SMTP id p17so3069571qvo.8 for ; Sun, 29 Aug 2021 16:38:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=DzcybfjOkcU0hVT4Qqis9TNh+2MBKyb0Z11L1A4e4Bw=; b=mKnno1NE6wRRHF0JFBzFdJjFWTLiKrkvWMvFw8uOtiRDp5gYSzASoy6XFEpuhpmCMf e4McWnKWmaw5498Fua4ya5u+CQOG221DXpZHXdToYl/Pbu37r01YoKC473z9lPvmKjeu nf0HiYoQJJP3r2YfmwfwjiZk0gpben+87YYJKS6avi80PGiDdlFF6OqVDYDa4is/YoB8 BRVEq8dyhaxYdseaYDWM971haUhmxvWcgTnwKtDytH05cEToyCnckUAzpYJ3KApd6nHt hlhFH6Kv/gUG9oxvWBW52V4ZA/qn+WLjonz491V6gi/xo/4gHxZsnLbiBk2L/Nh9sh+m 1qVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=DzcybfjOkcU0hVT4Qqis9TNh+2MBKyb0Z11L1A4e4Bw=; b=bHjQG4GadmrnskMgniJgjwbeQ9DPSf6uimzSPyZSMy9p9vS7ZdBg7CsJc9VIYkej07 CUU7PYA1iJeIOHd8VlFo32Jk43+PvWXmeQMgWlMKN4XhA2hP5OpJG4gzj0wHNi/KNMw0 di/gmezhlJrL+ARME3OhXTyF8pwxvTGQRBKxzL41FUJpWiokOippdj6+ry424iO40ihE pL8gpjX45lNMANpWm5KejPPW77PdtNDYXhySXDNExaUdsz2mtss80JdxlxTATc9OfEQa aijenbezvGp4tz5trSHKJj4O6FKTlo+Uvnmkx0QcpkiLw0OGpB3KWoJjUFyLhAzSmZsR ozlw== X-Gm-Message-State: AOAM530oAAjgHCrbZD94BWgW1CP+n85laFo6mElyYoQFL0UsmgN/0BQy HZkmMQR9MadKq0K32Qmk9d9m+pRJdgQ= X-Google-Smtp-Source: ABdhPJxArPP04xycCPjyB+qWrya0IhwOVqQdljQJG9v1Ao3L34olqh9mbv7mJkfg6oZ3RKLQFEJjLQ== X-Received: by 2002:ad4:5bc4:: with SMTP id t4mr14173623qvt.37.1630280335198; Sun, 29 Aug 2021 16:38:55 -0700 (PDT) Original-Received: from [192.168.1.15] (c-24-61-240-80.hsd1.ma.comcast.net. [24.61.240.80]) by smtp.googlemail.com with ESMTPSA id v3sm10265136qkd.20.2021.08.29.16.38.54 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 29 Aug 2021 16:38:54 -0700 (PDT) In-Reply-To: <87h7f7zww5.fsf@alphapapa.net> Content-Language: en-GB Received-SPF: pass client-ip=2607:f8b0:4864:20::f2e; envelope-from=cpitclaudel@gmail.com; helo=mail-qv1-xf2e.google.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.58, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:273442 Archived-At: On 8/29/21 6:52 PM, Adam Porter wrote: > Hi Stefan, et al, > > Having added taxy.el to ELPA, I noticed that its README.org file isn't > very readable on the ELPA site, because it's rendered as a raw file, > including long lines that extend beyond the edge of the HTML PRE block, > raw Org-syntax, etc. > > Thankfully, Org has an ASCII/UTF-8 export backend that cleanly renders > Org to plain text. It only took a few lines of to make use of it. > Please see the attached patches. (While I was at it, I took the liberty > of adding a couple of docstrings and renaming a few variables to help me > understand the code.) How much does security matter in this case? AFAIR exporting an Org file can run arbitrary code; would this patch allow a package in ELPA to subvert the build process of another package? And if so, is that a problem, or is there sufficient scrutiny of the inputs to ELPA? IIRC any package author can push to ELPA and updates will propagate immediately, so the worry would be that in the time between the introduction of a worm and its detection a large number of end users might install bad code. Clément.