From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Matthias Dahl Newsgroups: gmane.emacs.devel Subject: Re: security of the emacs package system, elpa, melpa and marmalade Date: Thu, 26 Sep 2013 11:02:41 +0200 Message-ID: <5243F831.1000008@binary-island.eu> References: <523FEE1B.9020408@binary-island.eu> <52429ABD.6090603@binary-island.eu> <52432BE9.1070402@binary-island.eu> <871u4c5xrg.fsf@bzg.ath.cx> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1380186208 12758 80.91.229.3 (26 Sep 2013 09:03:28 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 26 Sep 2013 09:03:28 +0000 (UTC) Cc: Stefan Monnier , emacs-devel@gnu.org To: Bastien Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 26 11:03:31 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VP7Tv-0000Vr-Eo for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 11:03:31 +0200 Original-Received: from localhost ([::1]:56890 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7Tv-00085V-0U for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 05:03:31 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45583) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7TM-0007Q0-4U for emacs-devel@gnu.org; Thu, 26 Sep 2013 05:03:02 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VP7TF-0006Fl-Ug for emacs-devel@gnu.org; Thu, 26 Sep 2013 05:02:56 -0400 Original-Received: from hemera.binary-island.eu ([97.107.138.233]:48018) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7T8-0006DJ-Ea; Thu, 26 Sep 2013 05:02:42 -0400 Original-Received: from [10.0.0.20] (95-88-238-193-dynip.superkabel.de [95.88.238.193]) by hemera.binary-island.eu (Postfix) with ESMTPSA id 5AD5D3C335; Thu, 26 Sep 2013 05:04:49 -0400 (EDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 In-Reply-To: <871u4c5xrg.fsf@bzg.ath.cx> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 97.107.138.233 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163654 Archived-At: Hello Bastien... > don't forget those out there who are not educated at all in computer > science and who picked up Lisp just because they loved Emacs. I don't > think this is such a minority, and this may explain why many security > concerns (for which you *need* to study computer science), may have > been overlooked while Emacs was progressing. Interesting argument. Since Lisp is not such a common language imho and not quite so easy to learn, I never would have guessed that people without any kind of technical background did actually choose to give Lisp a shot just because they liked Emacs. But actually this should not affect the core code of Emacs itself - at all. That audience with a limited Lisp skillset should not get repo write access in the first place and everything handed in as a patch gets through the community review process and is commented upon. So there is a nice learning process for the Lisp initiate and QA for the stuff that gets into Emacs. Or am I overlooking something here? So long, Matthias -- Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu services: custom software [desktop, mobile, web], server administration