From: "Stephen J. Turnbull"
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Wed, 02 Oct 2013 11:45:13 +0900
Message-ID: <87wqlwqtl2.fsf@uwakimon.sk.tsukuba.ac.jp>
References: <523FEE1B.9020408@binary-island.eu> <87y56gymvz.fsf@flea.lifelogs.com> <52499473.50707@binary-island.eu> <87vc1ixm7h.fsf@flea.lifelogs.com> <524AD64C.1080709@binary-island.eu>
In-Reply-To: <524AD64C.1080709@binary-island.eu>
To: Matthias Dahl
Cc: emacs-devel@gnu.org
X-Mailer: VM undefined under 21.5 (beta34) "kale" 182d01410b8d XEmacs Lucid (x86_64-unknown-linux)
Xref: news.gmane.org gmane.emacs.devel:163786

Matthias Dahl writes:

 > Maybe this is just wishful thinking but what if we could channel that
 > effort into a single and package repository independent project?
 >
 > Please let me explain: The project would mostly build on the web of
 > trust principle. Basically people can review and rate packages. And in
 > order to do so, you need a certain level of trust which you gain through
 > ratings or pledges from already trusted reviewers. Initially those could
 > be the Emacs and respective package maintainers and so forth.

It could work. After all, people do write documentation. :-) And this
is something a few non-programmers (a mostly untapped resource) could
put a lot of effort into, because at least at startup there will be a
lot of admin and advocacy to be done. Design of the metrics is going
to be an ongoing effort.

The idea of having it be a separate project means that XEmacs and
SXEmacs people can get into the act to some extent.

However, there is at least one point where your argument is not so
strong.
And that is that (as a sysadmin) I don't review *any* Emacs code---it's
not "mission-critical" on those hosts where I care about Emacsen
security. People who suffer from my style of paranoia have to reduce
the complexity of their environments, or they won't get anything else
done. I suspect that outside of the core development community there
are few doing much reviewing.

Also, package maintainers really shouldn't be trusted initially,
because there are folks who have been maintaining their packages for
decades but nobody really knows them. Of course, those well-known to
core can be added to the trusted group immediately.

Specifically, with respect to Emacsen, I trust that core changes to
XEmacs get reviewed by the reviewers, and on "exposed systems" I use
nothing but what XEmacs calls "core Lisp" plus the "xemacs-base" and
"text-modes" packages (and "text-modes" is stripped of libraries I
don't use). It's a minimal configuration useful for viewing logs and
maintaining configuration files, and the release is several years old.
(XEmacs 21.4.20 -- but Emacs 18.55 would probably do just as well!
Not quite, I do need to be able to decode and display non-ASCII, but I
don't currently ever need to edit it.) But Gnus, calendar, and jedi.el
just aren't even installed on such hosts. I suppose some people in my
position would also install org-mode, but I haven't caught that bug.
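The pledge-based web of trust Matthias sketches, and the objection in the reply above that long-time package maintainers should not be trusted by default, can both be shown in a small model. This is an added example written for this page, not code from the thread or from any ELPA/MELPA/Marmalade tooling; the seed set, the two-pledge threshold, the reviewer names and the ratings are all made up for illustration. Trust is recomputed from the seed set as a fixed point every time pledges change, so it is order-independent and a revocation correctly cascades to everyone who depended on the revoked reviewer.

```python
"""Toy reviewer web of trust: seed reviewers, pledges, transitive trust, revocation.

Assumptions (not from the thread): a reviewer becomes trusted once
`pledges_needed` already-trusted reviewers have vouched for them, and
only trusted reviewers' ratings count toward a package score.
"""


class WebOfTrust:
    def __init__(self, seed, pledges_needed=2):
        # Seed reviewers (e.g. core maintainers) are trusted unconditionally.
        self.seed = set(seed)
        self.pledges_needed = pledges_needed
        self.pledges = {}          # reviewer -> set of reviewers who vouched
        self.trusted = set()
        self._recompute()

    def pledge(self, voucher, reviewer):
        """Record a vouch. Vouches from not-yet-trusted people are kept
        (they may become trusted later) but do not count until then."""
        if voucher == reviewer:
            return                 # self-pledges never count
        self.pledges.setdefault(reviewer, set()).add(voucher)
        self._recompute()

    def revoke(self, reviewer):
        """Drop a reviewer entirely: their seed status and every vouch they
        made. Trust is rebuilt from scratch so dependents lose it too."""
        self.seed.discard(reviewer)
        self.pledges.pop(reviewer, None)
        for vouchers in self.pledges.values():
            vouchers.discard(reviewer)
        self._recompute()

    def _recompute(self):
        # Fixed-point iteration: start from the seed set and keep admitting
        # reviewers who have enough trusted vouchers until nothing changes.
        self.trusted = set(self.seed)
        changed = True
        while changed:
            changed = False
            for reviewer, vouchers in self.pledges.items():
                if reviewer in self.trusted:
                    continue
                if len(vouchers & self.trusted) >= self.pledges_needed:
                    self.trusted.add(reviewer)
                    changed = True

    def is_trusted(self, reviewer):
        return reviewer in self.trusted

    def package_score(self, reviews):
        """reviews: list of (reviewer, rating). Returns (mean, count) over
        trusted reviewers only, or None when no trusted review exists."""
        counted = [rating for reviewer, rating in reviews if reviewer in self.trusted]
        if not counted:
            return None
        return (sum(counted) / len(counted), len(counted))


def demo():
    """Constructed scenario: core maintainers seed the web; an unknown
    long-time maintainer stays untrusted until vouched for."""
    wot = WebOfTrust(seed={"core-a", "core-b"}, pledges_needed=2)
    untrusted_before = wot.is_trusted("old-maintainer")        # False
    wot.pledge("core-a", "reviewer-x")
    wot.pledge("core-b", "reviewer-x")                          # x trusted
    wot.pledge("reviewer-x", "reviewer-y")
    wot.pledge("core-a", "reviewer-y")                          # y trusted via x
    reviews = [("reviewer-x", 5), ("reviewer-y", 4),
               ("old-maintainer", 5), ("anon", 1)]
    score = wot.package_score(reviews)                          # (4.5, 2)
    wot.revoke("reviewer-x")                                    # y loses trust
    return untrusted_before, score, wot.is_trusted("reviewer-y")


if __name__ == "__main__":
    print(demo())
```

The `revoke` path is the part worth keeping in mind for any real deployment: if trust is cached per reviewer rather than recomputed from the seeds, removing one compromised or departed reviewer silently leaves everyone they vouched for trusted.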