GNU bug report logs - #32544
[ELPA] core packages need generated files

Previous Next

Package: emacs;

Reported by: Michael Albinus <michael.albinus <at> gmx.de>

Date: Mon, 27 Aug 2018 15:15:02 UTC

Severity: wishlist

Done: Stefan Monnier <monnier <at> iro.umontreal.ca>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 32544 <at> debbugs.gnu.org, Michael Albinus <michael.albinus <at> gmx.de>
Subject: bug#32544: [ELPA] core packages need generated files
Date: Tue, 28 Aug 2018 07:54:46 -0400

>> I think the reasons why I'm more worried about elpa.gnu.org than the
>> end-user's machines include:
>>
>> - very little time between the moment we receive the commit-diffs by
>>   email and the moment the code is run.  So even if we notice the
>>   offending code on the spot, there's not much time to react.
>> - elpa.gnu.org is part of infrastructure that Emacs users trust when
>>   downloading GNU ELPA packages (e.g. it holds the PGP signing key), so
>>   a breach could affect all GNU ELPA users (especially if not
>>   noticed).

One more reason:

- elpa.gnu.org *can* run that code in a sandbox, whereas the end-user
  really wants to run the package's code in his "real" system (or
  otherwise would need to run his whole Emacs session in a sandbox).

> Sounds very sensible, best of luck! :)

Hmm... looks like you forgot to attach the patch to your message.
Could you send it again, please?


        Stefan

This bug report was last modified 4 years and 235 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #32544 [ELPA] core packages need generated files

GNU bug report logs - #32544
[ELPA] core packages need generated files