That makes sense. But I only brought up the MELPA example because I recently encountered a security bug in a MELPA package. There's no reason ELPA packages can't have similar security bugs (I just don't have an example of this at the moment), and I figured it might be a good idea to have some support for making it easier for users to quickly get security updates for packages, regardless of what repository they're using.
On Sat, Aug 13, 2022, 8:23 PM Richard Stallman <
rms@gnu.org> wrote:
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
We do not endorse or point to MEPLA, because it doesn't uphold our
principles of rejecting nonfree software. So we don't get involved in
maintaining MELPA. We have nothing to do with it.
When there is a package that happens to be in MELPA that we want to
recommend to users, we can put it in NonGNU ELPA. There, we can give
it a little emergency maintenance if that seems called for.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)