emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Should package.el support notifying on package security updates


From: Stefan Kangas
Subject: Re: Fwd: Should package.el support notifying on package security updates?
Date: Fri, 12 Aug 2022 06:18:52 -0700

Tim Cross <theophilusx@gmail.com> writes:

> - There are actually very few security issues reported for Elisp
>   packages. This doesn't mean there aren't any, only that they are
>   discovered and reported very rarely.

If they are rare, that doesn't make them less important.

> - It would require package maintainers to somehow flag that an update is
>   a security update

I find the maintainers of important packages to be highly conscientious
people, and that goes in particular the GNU ELPA maintainers.  So I
don't share your concerns.

> I suspect if we added the functionality to flag an update as a security
> update, it is something which happens so rarely, nobody will use it and
> when they do, nobody will recognise what it really meant.

I think people will know the meaning, because it will presumably say
"security update" somewhere.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]