From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: security-patches package
Date: Fri, 22 Sep 2017 08:59:06 -0400 [thread overview]
Message-ID: <878th6dh45.fsf@lifelogs.com> (raw)
In-Reply-To: 877ewr253f.fsf@russet.org.uk
On Thu, 21 Sep 2017 21:01:56 +0100 phillip.lord@russet.org.uk (Phillip Lord) wrote:
PL> Ted Zlatanov <tzz@lifelogs.com> writes:
>> * how do we prevent accidental or malicious commits to this package?
>> Could it maybe live in a special "GNU ELPA security updates" archive
>> separate from elpa.git?
PL> I think this is not important. It wouldn't have any special privilege;
PL> i.e. the malicious user could do the same nasty things in any package.
PL> Accidental commits could just be controlled by constraining the
PL> *release* -- that is commits would be normal, but they wouldn't go live.
The proposition is to check these packages more frequently and for the
user to trust them more than any other packages, so I think there is
some value to that. But I'm OK with just using the GNU ELPA as long as
the packages are tagged in a special way.
>> * Can we do push notifications somehow or are we limited to polling?
PL> Polling. Worse polling at the users request, because ELPA doesn't also
PL> update.
PL> Changing ELPA to auto-update the archive would be a good thing to do, I
PL> think.
On Thu, 21 Sep 2017 23:12:47 -0400 Stefan Monnier <monnier@iro.umontreal.ca> wrote:
SM> I'm firmly opposed to making any program initiate network connections
SM> without explicit user request.
I understand the concern.
Let's say the user can turn auto checking on, but normally it will just
be a prominent menu item or button they can click to check for an update?
Ted
next prev parent reply other threads:[~2017-09-22 12:59 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-11 20:52 [ANNOUNCE] Emacs 25.3 released Nicolas Petton
2017-09-12 8:48 ` Andreas Schwab
2017-09-12 11:29 ` Nicolas Petton
2017-09-12 11:56 ` Andreas Schwab
2017-09-12 12:10 ` Rostislav Svoboda
2017-09-12 12:42 ` Eli Zaretskii
2017-09-12 12:44 ` Clément Pit-Claudel
2017-09-12 12:55 ` Nicolas Petton
2017-09-12 13:03 ` Andreas Schwab
2017-09-12 13:29 ` Rostislav Svoboda
2017-09-12 15:25 ` Eli Zaretskii
2017-09-12 15:48 ` Andreas Schwab
2017-09-12 15:55 ` Paul Eggert
2017-09-12 16:38 ` Eli Zaretskii
2017-09-12 18:26 ` Nicolas Petton
2017-09-12 19:09 ` Nicolas Petton
2017-09-12 16:38 ` Eli Zaretskii
2017-09-12 18:39 ` Nicolas Petton
2017-09-13 6:49 ` Andreas Schwab
2017-09-12 16:42 ` Rostislav Svoboda
2017-09-12 16:54 ` Eli Zaretskii
2017-09-12 18:38 ` Nicolas Petton
2017-09-12 18:57 ` Eli Zaretskii
2017-09-12 19:00 ` Robert Weiner
2017-09-12 20:49 ` martin rudalics
2017-09-12 22:05 ` Rostislav Svoboda
2017-09-12 23:39 ` Clément Pit-Claudel
2017-09-13 16:18 ` Tino Calancha
2017-09-13 16:39 ` Richard Stallman
2017-09-20 22:32 ` Tim Cross
2017-09-21 7:25 ` Richard Copley
2017-09-21 7:56 ` Eli Zaretskii
2017-09-21 18:53 ` Richard Copley
2017-09-21 19:15 ` Eli Zaretskii
2017-09-21 19:26 ` Richard Copley
2017-09-21 20:56 ` Phillip Lord
2017-09-22 7:08 ` Eli Zaretskii
2017-09-22 15:29 ` Richard Stallman
2017-09-27 10:18 ` Phillip Lord
2017-09-29 9:54 ` Stephen Leake
2017-09-29 10:46 ` Phillip Lord
2017-09-29 12:46 ` Richard Copley
2017-10-02 11:54 ` Phillip Lord
2017-09-30 7:22 ` Stephen Leake
2017-09-21 20:37 ` Phillip Lord
2017-09-22 2:02 ` Stephen Leake
2017-09-22 7:04 ` Eli Zaretskii
2017-09-12 15:22 ` Eli Zaretskii
2017-09-12 15:47 ` Andreas Schwab
2017-09-12 16:37 ` Eli Zaretskii
2017-09-13 6:45 ` Andreas Schwab
2017-09-13 6:50 ` Andreas Schwab
2017-09-13 7:07 ` Paul Eggert
2017-09-13 7:40 ` Nicolas Petton
2017-09-13 8:53 ` Paul Eggert
2017-09-13 8:57 ` Rostislav Svoboda
2017-09-13 14:51 ` Eli Zaretskii
2017-09-13 14:34 ` Eli Zaretskii
2017-09-13 8:24 ` Eli Zaretskii
2017-09-13 8:27 ` Andreas Schwab
2017-09-13 8:42 ` Eli Zaretskii
2017-09-13 8:48 ` Andreas Schwab
2017-09-13 14:36 ` Eli Zaretskii
2017-09-13 15:12 ` Mike Gerwitz
2017-09-13 15:57 ` Eli Zaretskii
2017-09-13 18:14 ` Nicolas Petton
2017-09-19 23:36 ` John Wiegley
2017-09-12 15:17 ` Eli Zaretskii
2017-09-12 22:13 ` Richard Stallman
2017-09-14 14:19 ` Jorge A. Alfaro-Murillo
2017-09-14 20:50 ` Richard Stallman
2017-09-13 1:41 ` Stefan Monnier
2017-09-12 12:40 ` Eli Zaretskii
2017-09-12 16:05 ` Philippe Vaucher
2017-09-12 16:30 ` Paul Eggert
2017-09-12 16:52 ` Eli Zaretskii
2017-09-12 18:26 ` Thien-Thi Nguyen
2017-09-12 18:49 ` Eli Zaretskii
2017-09-13 16:39 ` Richard Stallman
2017-09-13 16:39 ` Richard Stallman
2017-09-14 6:51 ` Thien-Thi Nguyen
2017-09-15 8:01 ` Eli Zaretskii
2017-09-12 16:40 ` Eli Zaretskii
2017-09-14 11:15 ` Philippe Vaucher
2017-09-12 22:11 ` Timur Aydin
2017-09-12 22:16 ` Richard Stallman
2017-09-12 16:06 ` Roland Winkler
2017-09-12 16:41 ` Paul Eggert
2017-09-12 16:54 ` Roland Winkler
2017-09-12 17:12 ` Eli Zaretskii
2017-09-12 17:40 ` Paul Eggert
2017-09-12 17:57 ` Eli Zaretskii
2017-09-12 18:29 ` Nicolas Petton
2017-09-13 16:39 ` Richard Stallman
2017-09-13 19:36 ` Ulrich Mueller
2017-09-14 1:42 ` Richard Stallman
2017-09-14 6:37 ` Ulrich Mueller
2017-09-14 13:24 ` Etienne Prud’homme
2017-09-14 15:01 ` Nicolas Petton
2017-09-14 20:52 ` [ANNOUNCE] " Richard Stallman
2017-09-12 16:42 ` Eli Zaretskii
2017-09-12 17:46 ` Phillip Lord
2017-09-13 1:46 ` Stefan Monnier
2017-09-14 19:49 ` security-patches package (was: [ANNOUNCE] Emacs 25.3 released) Ted Zlatanov
2017-09-15 12:32 ` security-patches package Stefan Monnier
2017-09-16 15:50 ` Ted Zlatanov
2017-09-21 20:01 ` Phillip Lord
2017-09-22 3:12 ` Stefan Monnier
[not found] ` <878th32hzx.fsf@russet.org.uk>
2017-09-25 10:24 ` Phillip Lord
2017-09-22 12:59 ` Ted Zlatanov [this message]
2017-09-23 4:15 ` Stephen Leake
2017-09-12 23:45 ` Hotfixing older Emacsen? Was: [ANNOUNCE] Emacs 25.3 released Clément Pit-Claudel
2017-09-14 10:05 ` Phillip Lord
2017-09-18 0:03 ` Richard Stallman
2017-09-18 7:48 ` Nicolas Petton
2017-09-18 11:38 ` Stefan Monnier
2017-09-18 20:31 ` Richard Stallman
2017-09-18 20:30 ` Richard Stallman
2017-09-13 18:40 ` Charles A. Roelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878th6dh45.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.