From: Drew Adams <drew.adams@oracle.com>
To: rms@gnu.org, Stephen Leake <stephen_leake@stephe-leake.org>
Cc: jwiegley@gmail.com, drew.adams@oracle.com, emacs-devel@gnu.org
Subject: RE: ELPA policy
Date: Thu, 12 Nov 2015 15:05:50 -0800 (PST) [thread overview]
Message-ID: <1a993b13-0e96-4350-a132-7e8fb05afef4@default> (raw)
In-Reply-To: <<E1Zx0QR-0004QE-Ga@fencepost.gnu.org>>
> > Any malicious hacker can drop completely different code in that web
> > page, and thus get it into Gnu ELPA.
>
> Drew said the pages were locked.
> Doesn't that mean that only he has access to change them?
No, anyone with admin privileges for the wiki has access to do so.
There are a few people in this category. And see Alex Schroeder's
clarification of what this means. This is not watertight security,
by any means.
Perhaps one way to look at it is similar to submitting something
by email (which would be another possibility, for me).
> > We will have replaced the security of private machines with whatever
> > web login that web page requires; that's a huge step backwards.
>
> I think you are concerned that someone might break the security on that
> other server and then install changes on it using Drew's account.
See above.
> In general, someone who breaks the security on a machine used by
> an Emacs contributor might be able to insert changes in Emacs
> by pretending to be that contributor. I don't think this is
> fundamentally different. But maybe the web site's security is
> not quite as good.
>
> We can make the security tighter. Drew, are you willing to GPG-sign
> your new versions?
I don't really know what that entails.
Dunno whether you really want to discuss my case in particular in
detail here. Again, I doubt that it is typical. The reason for
my initial message about this was to suggest that some people do
use MELPA, and that perhaps some way to accommodate them could be
devised. But maybe not.
To repeat the summary of my original point:
So you might recommend that packages not be put in MELPA, but
some will continue to be put there, including perhaps some that
you might someday want to include in Emacs.
Regarding my own case, this was the point:
I do not use GIT, so any updates I make to them
would not be done directly in the repository. It was not
acceptable to update elsewhere (e.g. the wiki) and then have
someone or a program pull from there to the repository when
appropriate.
In sum, some people will post code to MELPA, including some
that you might someday want in Emacs. And some input to MELPA
comes from the wiki, not from GIT - but this is probably a small
portion of what is in MELPA.
next prev parent reply other threads:[~2015-11-12 23:05 UTC|newest]
Thread overview: 274+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-04 12:39 streams are cool, you could stream virtually anything! Nicolas Petton
2015-11-04 15:50 ` John Wiegley
2015-11-04 16:59 ` Damien Cassou
2015-11-04 18:06 ` Michael Heerdegen
2015-11-04 19:17 ` Michael Heerdegen
2015-11-04 21:58 ` Nicolas Petton
2015-11-04 23:20 ` T.V Raman
2015-11-04 23:31 ` Nicolas Petton
2015-11-05 0:27 ` John Wiegley
2015-11-05 0:38 ` T.V Raman
2015-11-05 0:48 ` ELPA policy (Was: streams are cool, you could stream virtually anything!) John Wiegley
2015-11-05 0:52 ` T.V Raman
2015-11-08 17:18 ` ELPA policy Achim Gratz
2015-11-08 17:49 ` Eli Zaretskii
2015-11-08 20:52 ` Aaron Ecay
2015-11-09 3:42 ` Eli Zaretskii
2015-11-09 3:51 ` Dmitry Gutov
2015-11-09 11:15 ` New ELPA policy proposal (was: ELPA policy) Oleh Krehel
2015-11-09 13:51 ` Artur Malabarba
2015-11-09 15:02 ` New ELPA policy proposal Oleh Krehel
2015-11-09 16:22 ` Artur Malabarba
2015-11-09 15:41 ` Wolfgang Jenkner
2015-11-09 15:50 ` Dmitry Gutov
2015-11-09 16:13 ` Wolfgang Jenkner
2015-11-09 21:50 ` Richard Stallman
2015-11-09 16:25 ` Artur Malabarba
2015-11-09 16:11 ` New ELPA policy proposal (was: ELPA policy) Eli Zaretskii
2015-11-10 7:26 ` New ELPA policy proposal Oleh Krehel
2015-11-10 14:24 ` John Wiegley
2015-11-10 16:36 ` Eli Zaretskii
2015-11-09 16:05 ` ELPA policy Eli Zaretskii
2015-11-09 16:15 ` Dmitry Gutov
2015-11-09 16:20 ` Eli Zaretskii
2015-11-09 16:26 ` Dmitry Gutov
2015-11-09 16:44 ` Eli Zaretskii
2015-11-09 17:46 ` Dmitry Gutov
2015-11-09 16:35 ` Artur Malabarba
2015-11-09 19:52 ` John Wiegley
2015-11-09 20:17 ` Achim Gratz
2015-11-09 21:38 ` John Wiegley
2015-11-10 20:07 ` Achim Gratz
2015-11-09 21:51 ` Richard Stallman
2015-11-09 22:06 ` John Wiegley
2015-11-09 23:05 ` Artur Malabarba
2015-11-10 18:18 ` Richard Stallman
2015-11-11 15:11 ` Nicolas Petton
2015-11-11 17:03 ` Richard Stallman
2015-11-09 23:47 ` Nicolas Petton
2015-11-09 23:44 ` Nicolas Petton
2015-11-09 23:42 ` Nicolas Petton
2015-11-09 23:52 ` Aaron Ecay
2015-11-10 0:04 ` John Wiegley
2015-11-10 18:06 ` Stephen Leake
[not found] ` <"<87lha5snji.fsf"@isaac.fritz.box>
[not found] ` <"<87d1vhsmuj.fsf"@isaac.fritz.box>
[not found] ` <"<878u65slue.fsf"@isaac.fritz.box>
[not found] ` <"<874mgtsjwn.fsf"@isaac.fritz.box>
2015-11-10 18:28 ` John Wiegley
2015-11-10 18:32 ` Dmitry Gutov
2015-11-10 18:35 ` John Wiegley
2015-11-10 18:44 ` David Engster
2015-11-10 18:49 ` John Wiegley
2015-11-10 20:00 ` Dmitry Gutov
2015-11-11 15:15 ` xref and GNU Global (Re: ELPA policy) Nicolas Petton
2015-11-11 15:22 ` Dmitry Gutov
2015-11-11 23:19 ` Stephen Leake
2015-11-11 23:32 ` Dmitry Gutov
2015-11-12 7:07 ` Stephen Leake
2015-11-11 23:12 ` Stephen Leake
2015-11-11 23:52 ` Nicolas Petton
2015-11-12 7:05 ` Stephen Leake
2015-11-10 19:15 ` ELPA policy Eli Zaretskii
2015-11-10 22:44 ` xref CEDET (was ELPA policy) Stephen Leake
2015-11-10 21:52 ` ELPA policy Dmitry Gutov
2015-11-10 18:37 ` David Engster
2015-11-10 19:57 ` Dmitry Gutov
2015-11-10 20:01 ` Eli Zaretskii
2015-11-10 20:19 ` Dmitry Gutov
2015-11-10 20:34 ` Eli Zaretskii
2015-11-10 21:16 ` Dmitry Gutov
2015-11-10 21:27 ` Dmitry Gutov
2015-11-10 22:40 ` Stephen Leake
2015-11-10 20:45 ` David Engster
2015-11-10 21:07 ` Dmitry Gutov
2015-11-10 18:43 ` David Engster
2015-11-10 18:52 ` John Wiegley
2015-11-10 18:58 ` David Engster
2015-11-10 19:03 ` John Wiegley
2015-11-10 19:20 ` David Engster
2015-11-10 19:43 ` John Wiegley
2015-11-10 20:02 ` David Engster
2015-11-10 20:24 ` John Wiegley
2015-11-10 23:08 ` Stephen Leake
2015-11-10 23:31 ` John Wiegley
2015-11-11 0:32 ` Drew Adams
2015-11-11 0:36 ` John Wiegley
2015-11-11 9:25 ` Stephen Leake
2015-11-11 13:52 ` Filipp Gunbin
2015-11-11 21:22 ` Stephen Leake
2015-11-12 13:24 ` Filipp Gunbin
2015-11-12 17:11 ` John Wiegley
2015-11-12 19:17 ` Filipp Gunbin
2015-11-12 19:31 ` John Wiegley
2015-11-14 10:16 ` Stephen Leake
2015-11-12 19:52 ` Stephen Leake
2015-11-13 13:06 ` Filipp Gunbin
2015-11-14 10:30 ` Stephen Leake
2015-11-17 13:01 ` Filipp Gunbin
2015-11-17 16:18 ` Stephen Leake
2015-11-17 15:51 ` Tom Tromey
2015-11-11 17:02 ` Richard Stallman
2015-11-11 17:24 ` John Wiegley
2015-11-12 14:02 ` Phillip Lord
2015-11-12 17:11 ` John Wiegley
2015-11-12 19:59 ` Stephen Leake
2015-11-13 21:58 ` Richard Stallman
2015-11-14 1:15 ` JJ Asghar
2015-11-14 17:23 ` Jorge A. Alfaro-Murillo
2015-11-15 16:37 ` John Wiegley
[not found] ` <<86bnb06g7g.fsf@stephe-leake.org>
[not found] ` <<E1ZwYnH-0004b0-Gu@fencepost.gnu.org>
2015-11-11 17:47 ` Drew Adams
2015-11-11 19:23 ` John Wiegley
2015-11-11 19:58 ` Drew Adams
2015-11-11 23:27 ` Richard Stallman
2015-11-12 0:35 ` Artur Malabarba
2015-11-12 0:42 ` Dmitry Gutov
2015-11-12 22:34 ` Richard Stallman
2015-11-13 0:49 ` Artur Malabarba
2015-11-12 6:49 ` Stephen Leake
2015-11-12 15:09 ` Drew Adams
2015-11-12 17:29 ` Alex Schröder
2015-11-12 22:33 ` Richard Stallman
2015-11-14 10:33 ` Stephen Leake
2015-11-14 21:05 ` Richard Stallman
[not found] ` <<86oaezemp9.fsf@stephe-leake.org>
[not found] ` <<E1Zx0QR-0004QE-Ga@fencepost.gnu.org>
2015-11-12 23:05 ` Drew Adams [this message]
2015-11-13 7:51 ` Eli Zaretskii
2015-11-13 22:00 ` Richard Stallman
[not found] ` <<E1ZxMOr-0004hb-VH@fencepost.gnu.org>
2015-11-13 23:03 ` Drew Adams
2015-11-14 1:44 ` Richard Stallman
2015-11-15 9:28 ` Michael Heerdegen
2015-11-15 15:44 ` Drew Adams
2015-11-17 22:55 ` Richard Stallman
2015-11-17 23:17 ` John Wiegley
2015-11-18 9:53 ` Artur Malabarba
2015-11-18 10:12 ` David Kastrup
2015-11-14 9:57 ` Achim Gratz
[not found] ` <<m2twosgx1m.fsf@Vulcan.attlocal.net>
[not found] ` <<E1Zwent-0000bG-9i@fencepost.gnu.org>
2015-11-12 0:22 ` Drew Adams
2015-11-10 23:01 ` Stephen Leake
2015-11-10 22:53 ` Stephen Leake
2015-11-10 19:17 ` Eli Zaretskii
2015-11-10 23:10 ` Stephen Leake
2015-11-10 22:52 ` Stephen Leake
2015-11-10 18:49 ` Eli Zaretskii
2015-11-10 18:54 ` John Wiegley
2015-11-10 19:21 ` Eli Zaretskii
2015-11-10 19:26 ` Eli Zaretskii
2015-11-10 19:29 ` John Wiegley
2015-11-10 20:06 ` Dmitry Gutov
2015-11-10 23:25 ` Stephen Leake
2015-11-10 23:23 ` Stephen Leake
2015-11-10 20:03 ` Dmitry Gutov
2015-11-10 23:16 ` Stephen Leake
2015-11-10 22:36 ` Stephen Leake
2015-11-10 22:54 ` John Wiegley
2015-11-10 23:01 ` Drew Adams
2015-11-11 9:13 ` Stephen Leake
2015-11-11 14:58 ` Drew Adams
2015-11-09 18:22 ` Achim Gratz
2015-11-09 18:45 ` Eli Zaretskii
2015-11-09 18:58 ` David Engster
2015-11-09 19:08 ` Eli Zaretskii
2015-11-09 19:35 ` David Engster
2015-11-09 20:12 ` Eli Zaretskii
2015-11-09 19:53 ` Rasmus
2015-11-09 19:58 ` Achim Gratz
2015-11-05 17:06 ` streams and generators (was: streams are cool, you could stream virtually anything!) Michael Heerdegen
2015-11-05 22:36 ` streams and generators Dmitry Gutov
2015-11-04 23:34 ` streams are cool, you could stream virtually anything! Michael Heerdegen
2015-11-05 9:27 ` Nicolas Petton
2015-11-05 11:26 ` Artur Malabarba
2015-11-05 11:52 ` Nicolas Petton
2015-11-05 16:31 ` raman
2015-11-05 16:48 ` Michael Heerdegen
2015-11-05 21:58 ` Nicolas Petton
2015-11-05 23:05 ` Artur Malabarba
2015-11-05 23:34 ` T.V Raman
2015-11-06 0:02 ` Artur Malabarba
2015-11-06 0:39 ` T.V Raman
2015-11-05 23:52 ` Michael Heerdegen
2015-11-06 2:19 ` John Wiegley
2015-11-06 2:47 ` Michael Heerdegen
2015-11-06 15:09 ` Filipp Gunbin
2015-11-06 10:49 ` Nicolas Petton
2015-11-06 13:09 ` Artur Malabarba
2015-11-06 13:43 ` Nicolas Petton
2015-11-06 15:41 ` John Wiegley
2015-11-06 16:13 ` John Wiegley
2015-11-06 17:36 ` Nicolas Petton
2015-11-06 10:47 ` Nicolas Petton
2015-11-06 2:08 ` John Wiegley
2015-11-06 15:33 ` Nicolas Petton
2015-11-06 16:08 ` John Wiegley
2015-11-06 17:12 ` Nicolas Petton
2015-11-05 23:06 ` Artur Malabarba
2015-11-05 14:12 ` Michael Heerdegen
2015-11-04 17:00 ` Phillip Lord
2015-11-04 22:00 ` Nicolas Petton
2015-11-05 12:28 ` Phillip Lord
2015-11-05 13:45 ` Nicolas Petton
2015-11-05 15:15 ` Michael Heerdegen
2015-11-05 16:35 ` Eli Zaretskii
2015-11-06 9:54 ` Phillip Lord
2015-11-04 17:57 ` Michael Heerdegen
2015-11-04 22:00 ` Nicolas Petton
-- strict thread matches above, loose matches on Subject: below --
2020-05-04 17:36 Imports / inclusion of s.el into Emacs Drew Adams
2020-05-05 7:25 ` Philippe Vaucher
2020-05-05 10:14 ` João Távora
2020-05-05 11:57 ` Philippe Vaucher
2020-05-05 13:07 ` João Távora
2020-05-05 14:47 ` Philippe Vaucher
2020-05-05 16:20 ` Stefan Kangas
2020-05-06 4:45 ` Richard Stallman
2020-05-06 13:37 ` Stefan Monnier
2020-05-06 14:04 ` Philippe Vaucher
2020-05-07 2:44 ` Richard Stallman
2020-05-07 3:14 ` Stefan Monnier
2020-05-07 7:23 ` Philippe Vaucher
2020-05-07 13:42 ` Stefan Monnier
2020-05-08 2:47 ` Richard Stallman
2020-05-08 3:38 ` Stefan Monnier
2020-05-08 6:54 ` ELPA policy (was: Imports / inclusion of s.el into Emacs) Eli Zaretskii
2020-05-08 14:57 ` ELPA policy Stefan Monnier
2020-05-08 15:13 ` Eli Zaretskii
2020-05-08 23:16 ` Stefan Monnier
2020-05-09 6:22 ` Eli Zaretskii
2020-05-09 7:35 ` David Engster
2020-05-09 7:56 ` Eli Zaretskii
2020-05-09 8:16 ` David Engster
2020-05-09 8:27 ` Eli Zaretskii
2020-05-09 8:43 ` David Engster
2020-05-09 9:43 ` Eli Zaretskii
2020-05-09 10:13 ` David Engster
2020-05-09 10:24 ` Eli Zaretskii
2020-05-09 10:29 ` David Engster
2020-05-09 10:41 ` Eli Zaretskii
2020-05-09 11:15 ` David Engster
2020-05-10 2:29 ` Richard Stallman
2020-05-09 11:09 ` Alfred M. Szmidt
2020-05-09 15:06 ` Dmitry Gutov
2020-05-11 16:28 ` Eli Zaretskii
2020-05-12 3:16 ` Richard Stallman
2020-05-12 15:00 ` Eli Zaretskii
2020-05-08 22:34 ` Phillip Lord
2015-11-05 2:14 Proposed new core library: pl.el John Wiegley
2015-11-05 2:22 ` Dmitry Gutov
2015-11-05 2:41 ` ELPA policy (was: Proposed new core library: pl.el) John Wiegley
2015-11-05 3:00 ` ELPA policy Dmitry Gutov
2015-11-05 9:08 ` Artur Malabarba
2015-11-05 12:51 ` Michael Welsh Duggan
2015-11-05 13:49 ` Dmitry Gutov
2015-11-05 14:41 ` Michael Welsh Duggan
2015-11-05 15:09 ` John Wiegley
2015-11-05 15:40 ` Dmitry Gutov
2015-11-05 16:58 ` Artur Malabarba
2015-11-05 17:45 ` Dmitry Gutov
2015-11-06 21:37 ` Richard Stallman
2015-11-08 16:30 ` John Wiegley
2015-11-08 17:11 ` Eli Zaretskii
2015-11-08 18:00 ` Wolfgang Jenkner
2015-11-08 18:20 ` Eli Zaretskii
2015-11-09 0:53 ` Wolfgang Jenkner
2015-11-08 18:26 ` Óscar Fuentes
2015-11-08 18:31 ` Eli Zaretskii
2015-11-08 19:27 ` Artur Malabarba
2015-11-08 18:33 ` Eli Zaretskii
2015-11-08 20:04 ` Artur Malabarba
2015-11-08 19:58 ` Eli Zaretskii
2015-11-08 20:10 ` Dmitry Gutov
2015-11-08 20:26 ` Eli Zaretskii
2015-11-08 20:36 ` Dmitry Gutov
2015-11-08 20:47 ` Eli Zaretskii
2015-11-08 23:16 ` Richard Stallman
2015-11-09 1:45 ` Dmitry Gutov
2015-11-09 2:59 ` Yuri Khan
2015-11-08 19:55 ` Artur Malabarba
2015-11-09 9:25 ` Stephen Leake
2015-11-05 7:13 ` David Kastrup
2010-11-15 15:40 Julien Danjou
2010-11-15 17:09 ` Chong Yidong
2010-11-15 18:53 ` Lars Magne Ingebrigtsen
2010-11-15 20:33 ` Chong Yidong
2010-11-15 21:06 ` Edward O'Connor
2010-11-16 3:26 ` Glenn Morris
2010-11-15 18:50 ` Tom Tromey
2010-11-15 22:10 ` Glenn Morris
2010-11-15 19:35 ` Stefan Monnier
2010-11-15 20:12 ` Chong Yidong
2010-11-15 21:59 ` Ted Zlatanov
2010-11-16 21:23 ` Richard Stallman
[not found] <<87ziyuaqhl.fsf@petton.fr>
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1a993b13-0e96-4350-a132-7e8fb05afef4@default \
--to=drew.adams@oracle.com \
--cc=emacs-devel@gnu.org \
--cc=jwiegley@gmail.com \
--cc=rms@gnu.org \
--cc=stephen_leake@stephe-leake.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).