From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: ELPA security Date: Sat, 22 Dec 2012 11:20:56 -0500 Message-ID: References: <8738zf70ep.fsf@riseup.net> <871uejlbm1.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1356193271 11620 80.91.229.3 (22 Dec 2012 16:21:11 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 22 Dec 2012 16:21:11 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Dec 22 17:21:26 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TmRpA-0001mb-1Y for ged-emacs-devel@m.gmane.org; Sat, 22 Dec 2012 17:21:20 +0100 Original-Received: from localhost ([::1]:39064 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TmRov-00057b-QE for ged-emacs-devel@m.gmane.org; Sat, 22 Dec 2012 11:21:05 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:46619) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TmRop-00057N-F5 for emacs-devel@gnu.org; Sat, 22 Dec 2012 11:21:03 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TmRoo-0002Dv-5Q for emacs-devel@gnu.org; Sat, 22 Dec 2012 11:20:59 -0500 Original-Received: from ironport2-out.teksavvy.com ([206.248.154.182]:4697) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TmRoo-0002DO-18 for emacs-devel@gnu.org; Sat, 22 Dec 2012 11:20:58 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EAG6Zu09FxLDj/2dsb2JhbABEtBGBCIIVAQEEAVYoCws0EhQYDYhABboJjSaDHgOIQppxgViDBw X-IronPort-AV: E=Sophos;i="4.75,637,1330923600"; d="scan'208";a="210563004" Original-Received: from 69-196-176-227.dsl.teksavvy.com (HELO pastel.home) ([69.196.176.227]) by ironport2-out.teksavvy.com with ESMTP/TLS/ADH-AES256-SHA; 22 Dec 2012 11:20:57 -0500 Original-Received: by pastel.home (Postfix, from userid 20848) id 0C49658EA5; Sat, 22 Dec 2012 11:20:56 -0500 (EST) In-Reply-To: <871uejlbm1.fsf@lifelogs.com> (Ted Zlatanov's message of "Fri, 21 Dec 2012 09:32:22 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 206.248.154.182 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:155773 Archived-At: > I also think `M-x list-packages' should define a `v' shortcut to file-find > the .el file or tarball that constitutes the package without installing > it. That will contribute to security and it's really convenient, too. Actually, "installation" has several steps: - download. - install per se (i.e. copies the files at an appropriate place). - compile. - setup (i.e. arrange things such that the package is in the load-path and its autoloads are active next time to start Emacs). The first two steps can be made to be safe. Stefan