all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* Where should security issues with GNU ELPA packages be reported?
@ 2024-03-28 13:40 Morgan Willcock
  2024-03-28 14:53 ` Emanuel Berg
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Morgan Willcock @ 2024-03-28 13:40 UTC (permalink / raw)
  To: emacs-devel

I think I have found a security issue with a package which is
distributed on GNU ELPA, and I am unsure who to notify.

Given that the package is technically part of Emacs, do I follow
whatever the procedure would be for disclosing security problems with
Emacs?  If so, what is that procedure?

Or should I e-mail the package author first?

Given that it is not the package author who is distributing the package,
I am unsure what to do.

-- 
Morgan Willcock



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-03-31 23:46 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-28 13:40 Where should security issues with GNU ELPA packages be reported? Morgan Willcock
2024-03-28 14:53 ` Emanuel Berg
2024-03-28 16:07 ` Philip Kaludercic
2024-03-28 17:14   ` Morgan Willcock
2024-03-29  5:53     ` Philip Kaludercic
2024-03-31 23:46 ` Richard Stallman

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.