From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: security of the emacs package system, elpa, melpa and marmalade Date: Thu, 26 Sep 2013 12:25:32 -0400 Message-ID: References: <523FEE1B.9020408@binary-island.eu> <52429ABD.6090603@binary-island.eu> <52432BE9.1070402@binary-island.eu> <87d2nw1j3b.fsf@uwakimon.sk.tsukuba.ac.jp> Reply-To: rms@gnu.org NNTP-Posting-Host: plane.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: ger.gmane.org 1380212746 3955 80.91.229.3 (26 Sep 2013 16:25:46 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 26 Sep 2013 16:25:46 +0000 (UTC) Cc: ml_emacs-lists@binary-island.eu, monnier@IRO.UMontreal.CA, emacs-devel@gnu.org To: "Stephen J. Turnbull" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 26 18:25:51 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VPENr-0005y1-6t for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 18:25:43 +0200 Original-Received: from localhost ([::1]:58875 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VPENq-0005jj-Mn for ged-emacs-devel@m.gmane.org; Thu, 26 Sep 2013 12:25:42 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52733) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VPENj-0005jY-UU for emacs-devel@gnu.org; Thu, 26 Sep 2013 12:25:37 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VPENi-0006s6-Jy for emacs-devel@gnu.org; Thu, 26 Sep 2013 12:25:35 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:42295) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VPENi-0006s1-GQ for emacs-devel@gnu.org; Thu, 26 Sep 2013 12:25:34 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1VPENg-00088J-Mw; Thu, 26 Sep 2013 12:25:32 -0400 In-reply-to: <87d2nw1j3b.fsf@uwakimon.sk.tsukuba.ac.jp> (stephen@xemacs.org) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:163662 Archived-At: [ To any NSA and FBI agents reading my email: please consider [ whether defending the US Constitution against all enemies, [ foreign or domestic, requires you to follow Snowden's example. The basic question is, what sorts of things do we want security against? So far, we have put effort into security against * Attacks through files you might examine. * Surreptitious substitution of the wrong code instead of what you think you are downloading. If the existence of package repositories introduces new ways to do those things, we should do what is needed to make them safe. Does anyone think we should start worrying about some other attack? -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call.