From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Matthias Dahl Newsgroups: gmane.emacs.devel Subject: Re: security of the emacs package system, elpa, melpa and marmalade Date: Thu, 26 Sep 2013 11:02:46 +0200 Message-ID: <5243F836.9020301@binary-island.eu> References: <523FEE1B.9020408@binary-island.eu> <52429ABD.6090603@binary-island.eu> <52432BE9.1070402@binary-island.eu> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1380186193 12593 80.91.229.3 (26 Sep 2013 09:03:13 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 26 Sep 2013 09:03:13 +0000 (UTC) Cc: emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 26 11:03:15 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VP7Td-0000Cc-2Z for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 11:03:13 +0200 Original-Received: from localhost ([::1]:56888 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7Tc-0007ip-Mf for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 05:03:12 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45565) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7TJ-0007MN-AV for emacs-devel@gnu.org; Thu, 26 Sep 2013 05:02:59 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VP7TD-0006Ex-Bn for emacs-devel@gnu.org; Thu, 26 Sep 2013 05:02:53 -0400 Original-Received: from hemera.binary-island.eu ([97.107.138.233]:48020) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VP7TD-0006Es-96 for emacs-devel@gnu.org; Thu, 26 Sep 2013 05:02:47 -0400 Original-Received: from [10.0.0.20] (95-88-238-193-dynip.superkabel.de [95.88.238.193]) by hemera.binary-island.eu (Postfix) with ESMTPSA id 54C003C335; Thu, 26 Sep 2013 05:04:54 -0400 (EDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 In-Reply-To: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 97.107.138.233 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163653 Archived-At: Hello Stefan... > Emacs is about empowering the user. Sure. But all of that does not necessarily contradict security or make the code full of security leaks / holes. > To me, the problem it too ill-understood to be able to design a workable > solution. Agreed. It was never my intention in this discussion to find a solution, just to start the discussion and the process that might lead to a solution eventually down the road. > So I think the only way to attack the problem is to perform experiments > to get a feel for what might work and what problems show up. Ah, justice. I knew this would come back to me and bite me. ;) I know that since I am the one who started this discussion, it is expected of me (or considered good manors) that I volunteer to do so. And I'd in all honesty gladly jump on in... but my familiarity with the code base is very far from sufficient for this. This is something for someone with a very strong grasp of Elisp and Emacs, imho. :( So long, Matthias -- Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu services: custom software [desktop, mobile, web], server administration