From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Bastien <bzg@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Fri, 27 Sep 2013 16:02:03 +0200
Message-ID: <87mwmyfjms.fsf@bzg.ath.cx>
References: <523FEE1B.9020408@binary-island.eu>
	<jwvy56n7hsj.fsf-monnier+emacs@gnu.org>
	<52429ABD.6090603@binary-island.eu>
	<jwvob7gx43e.fsf-monnier+emacs@gnu.org>
	<52432BE9.1070402@binary-island.eu> <871u4c5xrg.fsf@bzg.ath.cx>
	<5243F831.1000008@binary-island.eu>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1380290537 20129 80.91.229.3 (27 Sep 2013 14:02:17 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 27 Sep 2013 14:02:17 +0000 (UTC)
Cc: Stefan Monnier <monnier@IRO.UMontreal.CA>, emacs-devel@gnu.org
To: Matthias Dahl <ml_emacs-lists@binary-island.eu>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Sep 27 16:02:21 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VPYce-000264-HM
	for ged-emacs-devel@m.gmane.org; Fri, 27 Sep 2013 16:02:20 +0200
Original-Received: from localhost ([::1]:36764 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VPYce-0004Pf-51
	for ged-emacs-devel@m.gmane.org; Fri, 27 Sep 2013 10:02:20 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:59316)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VPYcX-0004PR-4k
	for emacs-devel@gnu.org; Fri, 27 Sep 2013 10:02:17 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VPYcR-0001cD-P0
	for emacs-devel@gnu.org; Fri, 27 Sep 2013 10:02:13 -0400
Original-Received: from mail-wi0-x22d.google.com ([2a00:1450:400c:c05::22d]:61229)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bastienguerry@gmail.com>) id 1VPYcR-0001by-ET
	for emacs-devel@gnu.org; Fri, 27 Sep 2013 10:02:07 -0400
Original-Received: by mail-wi0-f173.google.com with SMTP id hq15so876179wib.12
	for <emacs-devel@gnu.org>; Fri, 27 Sep 2013 07:02:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:in-reply-to:references:user-agent:date
	:message-id:mime-version:content-type;
	bh=xxdKTi38tzl4du+c87w1I1h2KbalHsrGOG9Tr+wUuX0=;
	b=AXnruWv9B9zX8aZ1CBAo0aucy28fLE52+kA9Omvd42ibI2zWVkfmq/Wvh81SwksuE0
	LDzLhz4cyBN4ArCWd0rLLVyq+IHB8gXjyQqHaJzyoNxBxgDP8YrQK8M2FVZImLd13SEv
	yGPje03VFJpMp0nY0IJAt+bJTE5GDObps4b4tb762NlrKFq0tNrfRoBfN2QTwV+h06aN
	iFPfr58B9nAzwSVzGWRc26464GSo6BNCJQOWN4QID+A6L42TV4sufhvLlSUriuvLEn+q
	/jXughbsQ1KXfBEtF3K6QpS2ZfsmRz/+BeLhwdeFEM4BmL+S+xXozkjc0oe7hYv0Vmty
	Rkkg==
X-Received: by 10.194.176.163 with SMTP id cj3mr5998014wjc.8.1380290526534;
	Fri, 27 Sep 2013 07:02:06 -0700 (PDT)
Original-Received: from bzg.localdomain (vol75-5-82-226-35-66.fbx.proxad.net.
	[82.226.35.66])
	by mx.google.com with ESMTPSA id u15sm38866524wib.5.1969.12.31.16.00.00
	(version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Fri, 27 Sep 2013 07:02:04 -0700 (PDT)
Original-Received: by bzg.localdomain (Postfix, from userid 1000)
	id 2622A1C214FC; Fri, 27 Sep 2013 16:02:03 +0200 (CEST)
In-Reply-To: <5243F831.1000008@binary-island.eu> (Matthias Dahl's message of
	"Thu, 26 Sep 2013 11:02:41 +0200")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:400c:c05::22d
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:163676
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/163676>

Hi Matthias,

Matthias Dahl <ml_emacs-lists@binary-island.eu> writes:

> But actually this should not affect the core code of Emacs itself - at
> all. That audience with a limited Lisp skillset should not get repo
> write access in the first place and everything handed in as a patch gets
> through the community review process and is commented upon. So there is
> a nice learning process for the Lisp initiate and QA for the stuff that
> gets into Emacs.

This is how I ended up in /etc/DEVEL.HUMOR (see at the bottom):
  http://git.savannah.gnu.org/cgit/emacs.git/plain/etc/DEVEL.HUMOR?h=trunk

> Or am I overlooking something here?

Not really -- given enough eyeballs, all bugs are shallow, except
those bugs that do only exist for some super-eyes out there, I guess.

-- 
 Bastien