From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: ELPA policy Date: Thu, 12 Nov 2015 17:33:03 -0500 Message-ID: References: <87ziyuaqhl.fsf@petton.fr>> > <868u65afvh.fsf@stephe-leake.org> > <87lha5snji.fsf@isaac.fritz.box> > <87d1vhsmuj.fsf@isaac.fritz.box> > <878u65slue.fsf@isaac.fritz.box> > <874mgtsjwn.fsf@isaac.fritz.box> > <867flp8nb7.fsf@stephe-leake.org> <9e33129a-07d0-4abe-a94e-32d6d881519b@default> > <86bnb06g7g.fsf@stephe-leake.org>> > <86oaezemp9.fsf@stephe-leake.org> Reply-To: rms@gnu.org NNTP-Posting-Host: plane.gmane.org Content-Type: text/plain; charset=Utf-8 X-Trace: ger.gmane.org 1447367617 8470 80.91.229.3 (12 Nov 2015 22:33:37 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 12 Nov 2015 22:33:37 +0000 (UTC) Cc: jwiegley@gmail.com, drew.adams@oracle.com, emacs-devel@gnu.org To: Stephen Leake Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Nov 12 23:33:26 2015 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Zx0Qo-0002YB-8f for ged-emacs-devel@m.gmane.org; Thu, 12 Nov 2015 23:33:26 +0100 Original-Received: from localhost ([::1]:50053 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zx0Qn-000294-FK for ged-emacs-devel@m.gmane.org; Thu, 12 Nov 2015 17:33:25 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52263) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zx0Qj-00025I-Gv for emacs-devel@gnu.org; Thu, 12 Nov 2015 17:33:22 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zx0Qi-0001J1-F0 for emacs-devel@gnu.org; Thu, 12 Nov 2015 17:33:21 -0500 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59957) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zx0QS-0001E2-Gg; Thu, 12 Nov 2015 17:33:04 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1Zx0QR-0004QE-Ga; Thu, 12 Nov 2015 17:33:03 -0500 In-reply-to: <86oaezemp9.fsf@stephe-leake.org> (message from Stephen Leake on Thu, 12 Nov 2015 00:49:54 -0600) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:194298 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Any malicious hacker can drop completely different code in that web > page, and thus get it into Gnu ELPA. Drew said the pages were locked. Doesn't that mean that only he has access to change them? > We will have replaced the security of private machines with whatever web > login that web page requires; that's a huge step backwards. I think you are concerned that someone might break the security on that other server and then install changes on it using Drew's account. In general, someone who breaks the security on a machine used by an Emacs contributor might be able to insert changes in Emacs by pretending to be that contributor. I don't think this is fundamentally different. But maybe the web site's security is not quite as good. We can make the security tighter. Drew, are you willing to GPG-sign your new versions? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html.