From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: arthur miller Newsgroups: gmane.emacs.help Subject: RE: Sv: Install orgmode using its git repository. Date: Tue, 29 Dec 2020 17:16:29 +0000 Message-ID: References: , <86h7o4vd8c.fsf@x201.butler.org> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="11212"; mail-complaints-to="usenet@ciao.gmane.io" To: Leo Butler , help-gnu-emacs Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Tue Dec 29 18:17:27 2020 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kuIch-0002mQ-1L for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 29 Dec 2020 18:17:27 +0100 Original-Received: from localhost ([::1]:34120 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kuIcf-0005UT-Uq for geh-help-gnu-emacs@m.gmane-mx.org; Tue, 29 Dec 2020 12:17:25 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:49832) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kuIbw-0005TX-Qk for help-gnu-emacs@gnu.org; Tue, 29 Dec 2020 12:16:41 -0500 Original-Received: from mail-am7eur06olkn2066.outbound.protection.outlook.com ([40.92.16.66]:49177 helo=EUR06-AM7-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kuIbn-0008RF-Pa for help-gnu-emacs@gnu.org; Tue, 29 Dec 2020 12:16:40 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PXQB5N1u/D2QTLgwfd1rSFRdl9w5YQNqTd3L4oNE/607pm9vc5CjMCmLmoiMaxx+ibSCWvsZOtimTQLs33IDOKEG1mxvli4NXPPYcj+UepmMJdtOxEAO3TK/4DenJahvQHlAIRYNhRSfhSXFakxw23DlzKNsN54atEmSIS6XF2F8YZvQnX5eVIGLbj2GMi23OKk8IIAnj/iqv7HhnkWopER5f2qfL2E5A013OTv/d2xtbmra/SxpszJQsbvXo2reA8UBWaREUpVzmgJ68fmAH3lIeazmAAT1VpTW95QrijxllFu670r5W1WGR17MklTQo1U2nTC/uqHiVCyqzaUUvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=poUNy6sh8C3Q03ykIN/P9ndJALl6WIa9YGBntx72R1Y=; b=FHMnybhUYtZGgJuqVywEYxLDY6vrK29/FTGNXfX1G5d6TNuSwdrUMEQU4gDNx8hkPKfDTouA8AH36j/ma1GSWBhEXdGg/YzbMIlHOV5UbhY/sHkM89vdcncoL90JgIwR3HRpIrSk4Vv0Ybv4jpZnCGMsGHyaLZkKBAsv7YSgffVgTRe7BaUILUWS0mDJNT0KxXYs1h4I0n5pvxcqDrZB+r7OpC7xS7irtZHUpVzr9TajD4S8wb3vlDa2FvYjNZpzP8n1CkZeMf72nWYWA51scdOkVgId+knvtXdk1LINoIw0s3s/CIlk8RcTDc+tnM1xprP8WFYauCKC7Cvzd+ITMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=poUNy6sh8C3Q03ykIN/P9ndJALl6WIa9YGBntx72R1Y=; b=SH3IGXXmhAbMkEduBleFZ9vQ6zWAyyIxXAztPtTztMvrOcf6A405XXiJ3XN+/8NL45Lw8t5Ec0jZOhO/KRF3NDY4BoSVmGLrwXU7KzuErc424RZ2obxn5USK/U7/f9bfa1pfqp4+VqZ6HBeqlhmCTANRMfqPDP0d/C4iTBznLY/zaPA0RkqHZRPN29V/aFNpS8Ie5TxtO4EYVsLZD4Cx3xWy/uAf55NXN4G/F9MDmhosyK9RafKq+TPyE5HdeidNI5te6W6/JIN4L3WsEXv00yy/yaOzPpTUKRRJCSEHDA6XnoARmy2CasQknsQcsDRLhaa7YVcqrMtatpnqsEb30A== Original-Received: from AM7EUR06FT032.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc36::4b) by AM7EUR06HT190.eop-eur06.prod.protection.outlook.com (2a01:111:e400:fc36::208) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3700.27; Tue, 29 Dec 2020 17:16:29 +0000 Original-Received: from AM0PR06MB6577.eurprd06.prod.outlook.com (2a01:111:e400:fc36::53) by AM7EUR06FT032.mail.protection.outlook.com (2a01:111:e400:fc36::343) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3700.27 via Frontend Transport; Tue, 29 Dec 2020 17:16:29 +0000 Original-Received: from AM0PR06MB6577.eurprd06.prod.outlook.com ([fe80::9487:8c7d:da00:4993]) by AM0PR06MB6577.eurprd06.prod.outlook.com ([fe80::9487:8c7d:da00:4993%7]) with mapi id 15.20.3700.031; Tue, 29 Dec 2020 17:16:29 +0000 Thread-Topic: Sv: Install orgmode using its git repository. Thread-Index: AQHW3Bjaznl7J3VjC0Grm64qcoLuoKoLH4fAgACEnQCAAFZsZIAABSEAgAAnFGGAAOYn1IAAGdncgAEVbVyAABhN3g== In-Reply-To: <86h7o4vd8c.fsf@x201.butler.org> Accept-Language: sv-SE, en-US Content-Language: sv-SE x-incomingtopheadermarker: OriginalChecksum:9B54E3A1EEC776ECA51F990C1CA565D4D96EE967DBF6702FA0261CBBD697D42A; UpperCasedChecksum:905F46CAC8CACF7B2063A30AC86D884108E2E5BFFFB14A5D07ED128769D0D1FA; SizeAsReceived:7425; Count:44 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [wRMj3f1p9alW1Dmk7Xc2jwOnzi6ycjxV] x-ms-publictraffictype: Email x-incomingheadercount: 44 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: 3b887a3c-0891-4899-e2ec-08d8ac1d7b1a x-ms-traffictypediagnostic: AM7EUR06HT190: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: OXqteILFe779/oLyEVnzRRxrF9N8D9LJWYrrfiRFx/queSYHg/bsXXGnDFKAU960NmkpBFa8+PKNXACsb2Ql8/pOBx06fM7e9y1hzBhX2OB+09+KOvOjLSg3a7LXkIT57enHOiTgF0kGtGV3VyHiBcrJ/n0T53nej2SYKYCv1TlnZNvM9HQODmzoRiRyUlwNojebSf9cYrxWGO6c5VeM/9TBxy7uRC3ISM0IsLU5RZk+xvTHdBhPdYsjW+9K3nFw x-ms-exchange-antispam-messagedata: +S2fdmFil2dFn5wKSQFecEuQDyBXYg+hcGa6CT1Jgbbj/rdGKL50FGKBA7uayhQCvxlm/56zrUYcVWuIyhuaZr34uCTPrAJEK4nfuMHCawZqLvjO+B7rNB7iR2hm3jNwUd5kpaXF0kwPm1S/OlMyLw== x-ms-exchange-transport-forked: True X-OriginatorOrg: live.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-AuthSource: AM7EUR06FT032.eop-eur06.prod.protection.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 3b887a3c-0891-4899-e2ec-08d8ac1d7b1a X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Dec 2020 17:16:29.1835 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7EUR06HT190 Received-SPF: pass client-ip=40.92.16.66; envelope-from=arthur.miller@live.com; helo=EUR06-AM7-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:126902 Archived-At: I won't say anything about nix; it probably is very good and flexible syste= m. I am also sure containers (docker, kubernetes etc) could be utilized to = sandbox Emacs and what not. But I don't think it should not be mandatory. E= macs should run safe on bare metal. However it is all personal. People can do whatever they want with their com= puters, and there are already solutions that integrate random github repos:= quelpa and straight. But it is still individuals own initiative to use tho= se. I don't Emacs should have that built in. In my opinion it opens for more security risks then needed, and also for po= ssibility to very easy distribute binary blobs not compatible with GPL. It = is not very difficult to get in those in Emacs now either, but at least it = takes individual's own actions and is not automated from Emacs out of the b= ox. -------- Originalmeddelande -------- Fr=E5n: Leo Butler Datum: 2020-12-29 16:49 (GMT+01:00) Till: help-gnu-emacs =C4mne: Re: Sv: Install orgmode using its git repository. arthur miller writes: > N=F6je of that you write is particularly adequate "addressing" of potenti= al security vulnerability that let's potential malicious code 1) install an= ything on your machine 2) steal your data 3) destroy your data. > > Maybe a virtual machine, but then you wouldn't be running your Emacs for = anything sensitive or serious. Actually, *nix systems have a very good way to handle these kinds of threats without resort to such devices: users and groups. One can create a user account with very limited privileges for working with unvetted code, data, etc. Actually, I do this for developing new code, too. That way, whatever I break/change is contained within the confines of that account. > > A reviewed package from elpa/helps gives at least some guarantee that you= are not getting binary blobs and/or directly malicious code installed on y= our machine. Leo > > > -------- Originalmeddelande -------- > Fr=E5n: David Masterson > Datum: 2020-12-28 22:44 (GMT+01:00) > Till: arthur miller > Kopia: Hongyi Zhao , Stefan Monnier , help-gnu-emacs > =C4mne: Re: Sv: Install orgmode using its git repository. > > arthur miller writes: > >> I don't think it is very safe practice to install random Joe's code >> directly from some git repo. We have not yet seen malicious code (not >> what I know) in Emacs community, but Emacs in that respect is as bad >> as MS Office from time when VBA scripts (and viruses) were shared >> wildly around, or a web browserwith JS that can do anything. Remember >> time when JS was off by default in all browsers? Elisp can do >> whatever on your computer, so you should be careful what you >> install. Installing from random git repos can open you for more >> security problems then needed. I do clone lots from gitlab/github, but >> I always look at the code myself before I ever run it. >> >> Another point is that installing from git and different branches as it >> is possible with straight.el or quelpa (is what OP actually wants) can >> eventually lead to incompatibility between code that might be much >> harder to detect. I personally don't want to bother with latest-latest >> of all latest because eventually it could become a spagheti code of >> possible incompatibility and clashes. > > You can address these points in multiple ways: > > 1. A good backup and restore strategy > 2. Virtual machines (ie a chromebook) > 3. prioritize (m)elpa-stable over (m)elpa > 4. el-get can get particular version from git > ... > > -- > David Masterson