From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#19479: Package manager vulnerable Date: Sat, 02 Sep 2017 21:10:39 -0400 Message-ID: References: <0ylhjngoxs.fsf@fencepost.gnu.org> <5j6SB8Hmg5euoiN2VLa1iolGVWZxTvwQ1LnsgFUQiDZ@local> <83y3pxz3ta.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: blaine.gmane.org 1504401095 17087 195.159.176.226 (3 Sep 2017 01:11:35 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sun, 3 Sep 2017 01:11:35 +0000 (UTC) User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) Cc: 19479@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Sep 03 03:11:22 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1doJRP-0003QE-10 for geb-bug-gnu-emacs@m.gmane.org; Sun, 03 Sep 2017 03:11:11 +0200 Original-Received: from localhost ([::1]:48693 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1doJRW-0002MW-4R for geb-bug-gnu-emacs@m.gmane.org; Sat, 02 Sep 2017 21:11:18 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:49993) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1doJRK-0002LY-Mv for bug-gnu-emacs@gnu.org; Sat, 02 Sep 2017 21:11:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1doJRG-00050X-70 for bug-gnu-emacs@gnu.org; Sat, 02 Sep 2017 21:11:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:35621) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1doJRG-00050H-36 for bug-gnu-emacs@gnu.org; Sat, 02 Sep 2017 21:11:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1doJRF-0007ZZ-Rp for bug-gnu-emacs@gnu.org; Sat, 02 Sep 2017 21:11:01 -0400 X-Loop: help-debbugs@gnu.org In-Reply-To: Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 03 Sep 2017 01:11:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 19479 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 19479-submit@debbugs.gnu.org id=B19479.150440105129094 (code B ref 19479); Sun, 03 Sep 2017 01:11:01 +0000 Original-Received: (at 19479) by debbugs.gnu.org; 3 Sep 2017 01:10:51 +0000 Original-Received: from localhost ([127.0.0.1]:44302 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1doJR5-0007ZB-Lz for submit@debbugs.gnu.org; Sat, 02 Sep 2017 21:10:51 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:58968) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1doJR4-0007Yz-Ig for 19479@debbugs.gnu.org; Sat, 02 Sep 2017 21:10:50 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1doJQu-0004lR-7k for 19479@debbugs.gnu.org; Sat, 02 Sep 2017 21:10:45 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:33947) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1doJQt-0004lB-Sd for 19479@debbugs.gnu.org; Sat, 02 Sep 2017 21:10:40 -0400 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1doJQt-0005Ax-C7; Sat, 02 Sep 2017 21:10:39 -0400 X-Spook: Transportation Security Administration Vince Foster Pine X-Ran: Zr,Zjc:Tv6\F_vq.N3:]H#,.3"o|{^$i/ggt%37pz>`g)"tbm'l,vv}Od8r!j&lzq\Pdw` X-Hue: green X-Attribution: GM X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:136523 Archived-At: [Dropping emacs-devel, since that seems unlikely to be productive given the lack of context.] Eli Zaretskii wrote: > Two and a half years later, with no one complaining about this, it > doesn't sound right for this issue to block the release of Emacs 26.1. The context here was security vulnerabilities in the package manager. Personally I'm uneasy with saying "we've ignored this for X years so let's continue to ignore it.". But I don't have anything substantive to add.