From: Hongyi Zhao <hongyi.zhao@gmail.com>
To: Robert Thorpe <rt@robertthorpeconsulting.com>
Cc: help-gnu-emacs <help-gnu-emacs@gnu.org>,
arthur miller <arthur.miller@live.com>
Subject: Re: Sv: Install orgmode using its git repository.
Date: Wed, 30 Dec 2020 08:07:46 +0800 [thread overview]
Message-ID: <CAGP6PO+jkgh-_4MC3HwT7+fd=8uo+oBMDkkS5QW1iSgZgw9OZg@mail.gmail.com> (raw)
In-Reply-To: <877dp047hx.fsf@robertthorpeconsulting.com>
On Wed, Dec 30, 2020 at 5:40 AM Robert Thorpe
<rt@robertthorpeconsulting.com> wrote:
>
> For what it's worth, I agree with Arthur.
>
> I'd point out that this sort of thing has happened before. A Python
> package called "Colourama" was found to be manipulating bitcoin
> addresses. When you put a bitcoin address into the clipboard it would
> intercept it and replace it with a different one. Notice the British
> spelling, the legitimate package was called "Colorama". The "Colourama"
> package was a minor derivative with the bitcoin address trick added in.
>
> Something similar happened to the NPM Javascript library.
>
> We also have to remember that there's the possibility of people hacking
> things like github. Or obtaining the credentials of github users and
> their signing keys. The recent problems at the US DoD were caused by
> Solarwinds software. The hackers got into the Solarwinds source code
> repository (due to very lax security, github & gitlab are probably
> better). Once in the repository they made a few changes to the
> sourcecode to introduce a backdoor.
>
> As a result, I'm fairly wary of this idea of automatic downloading. On
> the other hand, for many packages it's hardly practical to read the
> whole sourcecode no matter how you obtain it.
Elisp, just as any lisp derivatives, has a very steep learning curve.
They all have a fairly simple grammatical structure at the first
glimpse but it is so difficult to master and use them skillfully.
BR,
--
Assoc. Prof. Hongyi Zhao <hongyi.zhao@gmail.com>
Theory and Simulation of Materials
Hebei Polytechnic University of Science and Technology engineering
NO. 552 North Gangtie Road, Xingtai, China
next prev parent reply other threads:[~2020-12-30 0:07 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-27 6:23 Install orgmode using its git repository Hongyi Zhao
2020-12-27 16:17 ` Stefan Monnier
2020-12-28 0:12 ` Hongyi Zhao
2020-12-28 5:13 ` David Masterson
2020-12-28 5:21 ` Stefan Monnier
2020-12-28 5:40 ` Hongyi Zhao
2020-12-28 8:08 ` Sv: " arthur miller
2020-12-28 15:53 ` Stefan Monnier
2020-12-28 21:43 ` David Masterson
2020-12-28 23:16 ` arthur miller
2020-12-29 15:33 ` Leo Butler
2020-12-29 17:16 ` arthur miller
2020-12-29 21:39 ` Robert Thorpe
2020-12-30 0:07 ` Hongyi Zhao [this message]
2020-12-29 17:18 ` arthur miller
2020-12-29 23:44 ` Hongyi Zhao
2020-12-28 15:52 ` Stefan Monnier
2020-12-27 17:50 ` Eli Zaretskii
2020-12-28 7:58 ` Sv: " arthur miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGP6PO+jkgh-_4MC3HwT7+fd=8uo+oBMDkkS5QW1iSgZgw9OZg@mail.gmail.com' \
--to=hongyi.zhao@gmail.com \
--cc=arthur.miller@live.com \
--cc=help-gnu-emacs@gnu.org \
--cc=rt@robertthorpeconsulting.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.