GNU bug report logs -
#74604
30.0.92; FR: M-x package-upgrade - offer an option to show a diff on upgrade
Previous Next
Full log
View this message in rfc822 format
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>>>> Such an option could help performing review casually as part of
>>>> the upgrade process and may improve the security of the package
>>>> archives. More eyes would look at new package versions. This would make
>>>> it harder to inject malicious code either via the source repository or
>>>> via attacks on the package archives.
>
> In addition to improving security it would encourage users to become
> familiar with the code, which is very much the driving force behind
> a lot of Emacs's design.
Yes, this is the point of the proposal.
>> Showing a source-code diff may be a bit technical for some users,
>> though. I wonder if there could be either a link to a changelog, or
>> a way to encourage a changelog convention so one could be displayed
>> for users prior to a decision to update a package.
>
> The prompt could offer a choice of "just upgrade / show news /
> show diff".
Good idea. I think I would also like to have a customization option
`package-upgrade-diff' where the behavior can be customized, since I
always want to see the diff even for my own packages to check if recent
changes have arrived.
If `package-upgrade-diff' is nil, the confirmation prompt could offer a
key to display the diff. A key could also be reserved to show the change
log in case it is present, but as I mentioned before in this bug report,
displaying the change log is not a security feature and the code as
"driving force" is hidden.
Daniel
This bug report was last modified 5 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.