From: Adam Porter <adam@alphapapa.net>
To: emacs-devel@gnu.org
Subject: Re: [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii
Date: Sun, 29 Aug 2021 21:15:13 -0500 [thread overview]
Message-ID: <87v93ny8y6.fsf@alphapapa.net> (raw)
In-Reply-To: 7bc9ba82-e32a-291a-96a0-315d814d6943@gmail.com
Clément Pit-Claudel <cpitclaudel@gmail.com> writes:
> The scary part is not so much altering a package (or a few packages)
> with bad code (though that is scary), but having the ability to alter
> all of them (sure, you could push to all package branches, but that's
> more easily detected that altering one readme).
Yes, we should be very careful about that, and I'm glad people like you
and Stefan are keeping it in mind. :) In fact...
>> Also, AFAIU, ELPA already runs Makefiles for packages as part of the
>> build process, and those can run arbitrary code, which I guess could do
>> things like modify other packages, modify the build process or scripts,
>> or anything else that the user account the build process runs as could
>> do on the server.
>
> Good catch, and indeed given this running org doesn't make things
> worse. Thanks.
As Stefan mentioned, it appears that he's is way ahead of both of us, as
he's already implemented some sandboxing in the build process. :)
next prev parent reply other threads:[~2021-08-30 2:15 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-29 22:52 [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii Adam Porter
2021-08-29 23:28 ` Adam Porter
2021-08-29 23:38 ` Clément Pit-Claudel
2021-08-30 0:01 ` Adam Porter
2021-08-30 1:49 ` Clément Pit-Claudel
2021-08-30 2:15 ` Adam Porter [this message]
2021-08-30 0:48 ` Stefan Monnier
2021-08-30 1:29 ` Adam Porter
2021-08-30 2:13 ` [ELPA/elpa-admin] Render README.org as HTML with ox-html Adam Porter
2021-09-03 2:01 ` Adam Porter
2021-09-07 3:31 ` Stefan Monnier
2021-09-07 8:12 ` Philip Kaludercic
2021-09-07 10:26 ` Adam Porter
2021-09-10 20:58 ` Stefan Monnier
2021-09-12 13:03 ` Adam Porter
2021-09-20 4:29 ` Stefan Monnier
2021-09-20 6:41 ` Stefan Kangas
2021-09-20 13:40 ` Basil L. Contovounesios
2021-09-20 19:57 ` Adam Porter
2021-09-20 23:26 ` Adam Porter
2021-10-09 15:08 ` Stefan Monnier
2021-10-09 16:39 ` Eric Abrahamsen
2021-10-10 3:37 ` Stefan Monnier
2021-10-10 3:54 ` Corwin Brust
2021-10-10 13:27 ` Stefan Monnier
2021-10-10 4:32 ` Eric Abrahamsen
2021-10-10 14:50 ` Adam Porter
2021-10-10 15:30 ` Stefan Monnier
2021-08-30 17:49 ` [ELPA/elpa-admin] Render README.org as ASCII with ox-ascii Philip Kaludercic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v93ny8y6.fsf@alphapapa.net \
--to=adam@alphapapa.net \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).