On Sun, 13 Dec 2020 at 15:56, Richard Stallman <rms@gnu.org> wrote:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > > I think a mandatory requirement should simply be that any
>   > > packages which go into non-GNU ELPA are hosted on an approved
>   > > platform. We could point to a list of such hosting providers
>   > > e.g. https://www.gnu.org/software/repo-criteria-evaluation.html
>   > > and say Grade C or better only. .
>
>   > There is no such requirement for GNU ELPA at the moment.
>
> GNU ELPA packages are hosted inside GNU ELPA itself.  The package
> developers update their packages inside GNU ELPA.
>
> NonGNU ELPA will be quite different.  Packages will generally be
> hosted elsewhere.  We won't insist that the developers do things
> in the way we would consider acceptable in the GNU Project.
>
>
> Sorry, but I don't think this is an accurate statement. The GNU ELPA
repository has external packages where the code is primarily
maintained/developed externally, often on github. A 'regular' process pulls
the data into the GNU ELPA repository to generate new/updated package
versions.