From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Matthias Dahl Newsgroups: gmane.emacs.devel Subject: Re: security of the emacs package system, elpa, melpa and marmalade Date: Mon, 30 Sep 2013 17:31:21 +0200 Message-ID: <52499949.9030903@binary-island.eu> References: <523FEE1B.9020408@binary-island.eu> <52429ABD.6090603@binary-island.eu> <52432BE9.1070402@binary-island.eu> <5243F836.9020301@binary-island.eu> <5245938E.6040906@binary-island.eu> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1380555100 22770 80.91.229.3 (30 Sep 2013 15:31:40 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 30 Sep 2013 15:31:40 +0000 (UTC) Cc: emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 30 17:31:44 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VQfRj-0003x0-8a for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 17:31:39 +0200 Original-Received: from localhost ([::1]:49324 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQfRi-0002YX-Sc for ged-emacs-devel@m.gmane.org; Mon, 30 Sep 2013 11:31:38 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52985) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQfRb-0002Y5-6g for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:31:37 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VQfRT-0004xd-Nc for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:31:31 -0400 Original-Received: from hemera.binary-island.eu ([97.107.138.233]:59332) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VQfRT-0004xY-KQ for emacs-devel@gnu.org; Mon, 30 Sep 2013 11:31:23 -0400 Original-Received: from [10.0.0.20] (95-88-238-193-dynip.superkabel.de [95.88.238.193]) by hemera.binary-island.eu (Postfix) with ESMTPSA id A825B3C345; Mon, 30 Sep 2013 11:33:36 -0400 (EDT) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 In-Reply-To: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 97.107.138.233 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163732 Archived-At: Hello Stefan... > [...] > So such a sandboxing would mostly work as a "sanity check" which can > catch coding errors/oversights rather than malicious code. After the whole discussion, I agree, that a sandbox would not be the holy grail to this problem, unfortunately. I still think it would be one measure that should be complemented with others and work in concert with those to be more effective as a whole. > Another way to look at the problem is to perform code review. Which would be very nice to have in general, naturally. > So you could argue that the problem is not ELPA in general but > "unsupervised" archives such as MELPA. Excuse my straightforwardness but this feels like pushing responsibility away to someone else. Neither ELPA, nor MELPA or Marmalade provide a sufficient reviewing process to be considered effective, imho. So all of those are more or less in the same boat. Naturally, some of the solutions that would work for ELPA, could potentially be hard to do with MELPA... but that is a different story. I think a general solution that would benefit all, would be absolutely desirable. So long, Matthias -- Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu services: custom software [desktop, mobile, web], server administration