From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Bastien <bzg@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Thu, 26 Sep 2013 00:42:27 +0200
Message-ID: <871u4c5xrg.fsf@bzg.ath.cx>
References: <523FEE1B.9020408@binary-island.eu>
	<jwvy56n7hsj.fsf-monnier+emacs@gnu.org>
	<52429ABD.6090603@binary-island.eu>
	<jwvob7gx43e.fsf-monnier+emacs@gnu.org>
	<52432BE9.1070402@binary-island.eu>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1380148968 7225 80.91.229.3 (25 Sep 2013 22:42:48 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 25 Sep 2013 22:42:48 +0000 (UTC)
Cc: Stefan Monnier <monnier@IRO.UMontreal.CA>, emacs-devel@gnu.org
To: Matthias Dahl <ml_emacs-lists@binary-island.eu>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 26 00:42:48 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VOxnE-0000kC-Ei
	for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 00:42:48 +0200
Original-Received: from localhost ([::1]:55246 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VOxnB-0000Pn-2U
	for ged-emacs-devel@m.gmane.org; Wed, 25 Sep 2013 18:42:45 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:58936)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VOxn3-0000Oq-3N
	for emacs-devel@gnu.org; Wed, 25 Sep 2013 18:42:42 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VOxmx-0001id-H0
	for emacs-devel@gnu.org; Wed, 25 Sep 2013 18:42:37 -0400
Original-Received: from mail-wi0-x22e.google.com ([2a00:1450:400c:c05::22e]:60220)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VOxmx-0001iX-9M
	for emacs-devel@gnu.org; Wed, 25 Sep 2013 18:42:31 -0400
Original-Received: by mail-wi0-f174.google.com with SMTP id hj3so6192698wib.1
	for <emacs-devel@gnu.org>; Wed, 25 Sep 2013 15:42:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:in-reply-to:references:user-agent:date
	:message-id:mime-version:content-type;
	bh=I0wlqvd8Aot1kThLeysZVLpfIl5RcAkHh7nenfdpJ2g=;
	b=ghSq3WheiUHtVBDvVeeW0h4XfWK+C3vV3pJ4wUdo58anTpI2RTe1WMd1afR6qyLc8u
	jZQkr7H+pXSA2yhbH3ZAMrOnBjPKMrIsozIPk8bx++rqBfx+Zl/N3JpPG6zRLXXrpm/v
	dcQrPczD3BMCUGDLN23RSYB5kpbOCqkKj3cGPuoXclAlfTGrFK8X7KQ3r/o6FXs/WLiP
	i6rXtjuFXTSokb0mGFa0zNtgEzt5WbX+cBLNWyKbQxSRRzz51B2DfZWZTvkLIM33J8uq
	0VHV5eWxXcMBYDpPi3V9e4HhypsG5QzAMc+tgrVMZ69t8Y2ZG4/S6Sl1lVL2h4L7/YOA
	J1DQ==
X-Received: by 10.180.187.41 with SMTP id fp9mr24491564wic.33.1380148950440;
	Wed, 25 Sep 2013 15:42:30 -0700 (PDT)
Original-Received: from bzg.localdomain (mar75-2-81-56-68-112.fbx.proxad.net.
	[81.56.68.112])
	by mx.google.com with ESMTPSA id dx7sm22238928wib.8.1969.12.31.16.00.00
	(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Wed, 25 Sep 2013 15:42:29 -0700 (PDT)
Original-Received: by bzg.localdomain (Postfix, from userid 1000)
	id 4511C1C212F5; Thu, 26 Sep 2013 00:42:27 +0200 (CEST)
In-Reply-To: <52432BE9.1070402@binary-island.eu> (Matthias Dahl's message of
	"Wed, 25 Sep 2013 20:31:05 +0200")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:400c:c05::22e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:163645
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/163645>

Hi Matthias,

Matthias Dahl <ml_emacs-lists@binary-island.eu> writes:

> The question that is bugging me now: Why is that? Since Emacs, imho,
> addresses a more technical audience and is maintained by professionals,
> I wouldn't expect such a thing, actually. Especially since it is not
> written in such a commong language that everyone learns during their
> first years in high-school or university which implies a certain level
> of interest and knowledge in programming if one decides to tackle
> lisp.

don't forget those out there who are not educated at all in computer
science and who picked up Lisp just because they loved Emacs.  I don't 
think this is such a minority, and this may explain why many security
concerns (for which you *need* to study computer science), may have
been overlooked while Emacs was progressing.

2 cents of course,

-- 
 Bastien