[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
|
From: |
Ted Zlatanov |
|
Subject: |
Re: ELPA security |
|
Date: |
Mon, 31 Dec 2012 17:19:23 -0500 |
|
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3.50 (gnu/linux) |
On Mon, 31 Dec 2012 11:57:58 -0800 "Drew Adams" <address@hidden> wrote:
Ted> add DVCS support to package.el, supporting Git and
Ted> Bazaar, with the notion of "pull packages from repo X
Ted> at tag/commit Y" in addition to the current "pull packages
Ted> from URLs". The VC package has to be involved
Ted> here, instead of writing custom code.
>>
>> What is the reason for this?
>>
>> FWIW, I considered and rejected this approach when writing package.el.
>> My reason was that I wanted packaging not to require any
>> external tools, so it would be available to all Emacs users.
>> Also, KISS.
>>
>> Mixing in VC seems to add a lot of potential failure modes.
DA> If Emacs Dev really wants to do this, why not separate it from package.el
and
DA> make its use optional?
The intent is to have securely authenticated packagess from the GNU ELPA
by default. Making the mechanism optional would defeat that plan. But
it should be easy to override and put in "warn-only" or "I don't care"
modes, I think.
Ted
- Re: package.el + DVCS for security and convenience, (continued)
- Re: ELPA security, Stefan Monnier, 2012/12/22
- Re: ELPA security, Paul Nathan, 2012/12/26
- Re: ELPA security, Ted Zlatanov, 2012/12/31
- Re: ELPA security, Stephen J. Turnbull, 2012/12/31
- Package signing infrastructure suggestion (was Re: ELPA security), Nic Ferrier, 2012/12/31
- Re: Package signing infrastructure suggestion (was Re: ELPA security), Ted Zlatanov, 2012/12/31
- Re: Package signing infrastructure suggestion (was Re: ELPA security), Xue Fuqiao, 2012/12/31
- Re: ELPA security, Tom Tromey, 2012/12/31
- RE: ELPA security, Drew Adams, 2012/12/31
- Re: ELPA security,
Ted Zlatanov <=
- Re: ELPA security, Ted Zlatanov, 2012/12/31