GNU bug report logs - #74604
30.0.92; FR: M-x package-upgrade - offer an option to show a diff on upgrade
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>>>> Such an option could help performing review casually as part of
>>>> the upgrade process and may improve the security of the package
>>>> archives. More eyes would look at new package versions. This would make
>>>> it harder to inject malicious code either via the source repository or
>>>> via attacks on the package archives.
>
> In addition to improving security it would encourage users to become
> familiar with the code, which is very much the driving force behind
> a lot of Emacs's design.

Yes, this is the point of the proposal.

>> Showing a source-code diff may be a bit technical for some users,
>> though. I wonder if there could be either a link to a changelog, or
>> a way to encourage a changelog convention so one could be displayed
>> for users prior to a decision to update a package.
>
> The prompt could offer a choice of "just upgrade / show news /
> show diff".

Good idea. I think I would also like to have a customization option
`package-upgrade-diff' where the behavior can be customized, since I
always want to see the diff even for my own packages to check if recent
changes have arrived.

If `package-upgrade-diff' is nil, the confirmation prompt could offer a
key to display the diff. A key could also be reserved to show the change
log in case it is present, but as I mentioned before in this bug report,
displaying the change log is not a security feature and the code as
"driving force" is hidden.

Daniel

This bug report was last modified 150 days ago.