[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: Should package.el support notifying on package security updates
From: |
Stefan Kangas |
Subject: |
Re: Fwd: Should package.el support notifying on package security updates? |
Date: |
Fri, 12 Aug 2022 06:18:52 -0700 |
Tim Cross <theophilusx@gmail.com> writes:
> - There are actually very few security issues reported for Elisp
> packages. This doesn't mean there aren't any, only that they are
> discovered and reported very rarely.
If they are rare, that doesn't make them less important.
> - It would require package maintainers to somehow flag that an update is
> a security update
I find the maintainers of important packages to be highly conscientious
people, and that goes in particular the GNU ELPA maintainers. So I
don't share your concerns.
> I suspect if we added the functionality to flag an update as a security
> update, it is something which happens so rarely, nobody will use it and
> when they do, nobody will recognise what it really meant.
I think people will know the meaning, because it will presumably say
"security update" somewhere.
- Fwd: Should package.el support notifying on package security updates?, Gulshan Singh, 2022/08/07
- Re: Fwd: Should package.el support notifying on package security updates?, Matt Armstrong, 2022/08/11
- Re: Fwd: Should package.el support notifying on package security updates?, Tim Cross, 2022/08/11
- Re: Fwd: Should package.el support notifying on package security updates?, Stefan Monnier, 2022/08/12
- Re: Fwd: Should package.el support notifying on package security updates?, Tim Cross, 2022/08/12
- Re: Fwd: Should package.el support notifying on package security updates?, tomas, 2022/08/13
- Re: Fwd: Should package.el support notifying on package security updates?, Stefan Monnier, 2022/08/13
Re: Fwd: Should package.el support notifying on package security updates?, Richard Stallman, 2022/08/13